Records Management Code of Practice 2021

A guide to the management of health and care records

AUGUST 2021 2 3

CONTENTS

Introduction 4 Section 4: Records Storage for operational use 28 4.1 Overview 28 4.2 Management and Storage of Paper Records 28 Section 1: Scope of the Code 8 4.3 Management and Storage of Digital Records 28 1.1 Overview 8 4.4 Managing offsite records 32 1.2 What is a record? 8 1.3 Scope of records covered by the Code 8 1.4 Type of records covered by the Code 10 Section 5: Management of records when the minimum retention period is reached 34 5.1 Overview 34 Section 2: Records Management Obligations 12 5.2 Appraisal 34 2.1 Overview 12 5.3 Destroying and deleting records 36 2.2 Legal Obligations 12 5.4 Continued Retention 39 2.3 Professional obligations 14 5.5 Records for permanent preservation 41 2.4 Management Responsibilities 16 2.5 Organisational Policy 17 Appendix I: Public and Statutory Inquiries 46 2.6 Monitoring Records Management Performance 19 Appendix II: Retention schedule 47 Appendix III: How to deal with specific types of records 88 Section 3: Organising Records 20 Annex 1: Records at contract change 116 3.1 Overview 20 3.2 Designing a Records Keeping System 20 3.3 Conducting a Data Protection Impact Assessment 23 3.4 Declaring a Record 24 3.5 Organising Records 25 3.6 Using metadata to organise and find records 26 3.7 Applying Security Classifications 27

Records Management Code of Practice 2021 4 5

Introduction

The Records Management Code of Practice for Health and Social Care 2021 (from this point onwards referred to as the Code) is a guide for you to use in relation to the practice of managing records. It is relevant to organisations working within, or under contract to, the NHS in England. The Code also applies to adult social care and public health functions commissioned or delivered by local authorities.

The Code provides a framework for consistent and effective records management based on established standards. It includes guidelines on topics such as legal, professional, organisational and individual responsibilities when managing records. It also advises on how to design and implement a records management system including advice on organising, storing, retaining and deleting records. It applies to all records regardless of the media they are held on. Wherever possible organisations should be moving away from paper towards digital records.

The Code is accompanied by a number of important appendices: • Appendix I: information on public inquiries • Appendix II: a retention schedule for different types of records • Appendix III: detailed advice on managing different types and formats of records such as integrated care records and staff records.

All organisations and managers need to enable staff to conform to the standards in this Code. This includes identifying organisational changes or other requirements needed to meet the standards, for example, the people, money and correct tools required. Information Governance performance assessments, such as the Data Security and Protection Toolkit hosted by NHS Digital, and your own organisation management arrangements will help you identify any necessary changes to your current records management practices. Those who have responsibilities for monitoring overall performance, like NHS England and Improvement and the Care Quality Commission (CQC), help ensure effective management systems are in place. An example is by inspecting sites as part of their key lines of enquiry and statutory powers.

The guidelines in this Code draw on published guidance from The National Archives and best practice in the public and private sectors. It is informed by lessons learnt and it will help organisations to implement the recommendations of the Mid Staffordshire NHS Foundation Trust Public Inquiry relating to records management and transparency.

Records Management Code of Practice 2021 6 7

This Code must also be read in conjunction with the following: It should also be noted that we are proposing to undertake a review into the retention time for de-registered GP records. De-registered refers to when a • Professional Records Standards Body (PRSB) structure and content of health patient is no longer on the GP practice system. It does not refer to patients and care records standards who are still registered at a GP practice but have not needed to receive • Lord Chancellor’s Code of Practice on the management of records issued care. If a patient has moved to another practice, the record would be sent under section 46 of the Freedom of Information Act 2000 (FOIA) - The to the new provider. However, if the reason for de-registration is unknown, National Archives has commenced work on revising this code and will issue the digital record is printed off and sent in paper form to NHS England and an update in due course. Improvement. We are proposing to review the retention time for de-registered GP records to ensure that the significant costs of retaining the records for 100 years are justified by the benefits they bring. We will look for example at how This 2021 revision was conducted by NHSX. It reflects feedback following many records are recalled and what the reasons are. a consultation which 50 organisations responded to including national stakeholders and local organisations. It is intended to be a light-touch review. The Code replaces previous guidance listed below: • Records Management: NHS Code of Practice: Parts 1 and 2: 2006, revised 2009 and 2016 • HSC 1999/053: For the Record - managing records in NHS Trusts and health authorities • HSC 1998/217: Preservation, Retention and Destruction of GP General Medical Services Records Relating to Patients (Replacement for FHSL (94) (30)) • HSC 1998/153: Using Electronic Patient Records in Hospitals: Legal Requirements and Good Practice

Standards and practice covered by the Code will change over time so this document will be reviewed and updated as necessary. In particular, it should be noted that at the time of writing there are a number of on-going public inquiries including the Independent Inquiry into Historic Child Sex Abuse (IICSA) and Infected Blood Public Inquiry (IBI). This means that records must not be destroyed until guidance is issued by the inquiry. Future public inquiries may lead to specific records management requirements. Where that happens, the Inquiry will publish additional guidance on its website. NHS England and Improvement may also issue guidance to the health and care system relating to the inquiry.

Records Management Code of Practice 2021 8 9

Scope of the Code

1.1 OVERVIEW 1.3 SCOPE OF RECORDS COVERED BY THE CODE

This section explains the legal definition of a record and the types of records in The guidelines in this Code apply to NHS and adult social care records. This scope of the Code. includes: • records of patients treated by NHS organisations 1.2 WHAT IS A RECORD? • records of patients treated on behalf of the NHS in the private healthcare sector • records of private patients treated on NHS premises There are a couple of definitions of a record, which are useful to highlight. The ISO standard ISO 15489-1:2016 defines a record as: • records created by providers contracted to deliver NHS services (for example, GP services) ‘Information created, received, and maintained as evidence and as an asset by an organisation or person, in pursuance of legal obligations or in • adult service user records who receive social care support the transaction of business.’ • jointly held records • records held as part of a Shared Care Records programme Section 205 of the Data Protection Act 2018 defines a health record as a record which: • records held by local authorities such as public health records, contraceptive and sexual health service records • consists of data concerning health • staff records • has been made by or on behalf of a health professional in connection with the diagnosis, care or treatment of the individual to whom the data relates. • complaints records • corporate records – administrative records relating to all functions of the organisation

The Code does not cover children’s social care records. These are within the remit of the Department for Education.

Whilst not strictly covered by this guide, private providers can also use this Code for guidance in relation to their records management. The Private and Voluntary Health Care (England) Regulations 2001 provide a legal framework for private providers to manage their records.

There are a number of smaller health and care providers that this Code will apply to, for example, dental practices or independent care providers providing an element of NHS or nursing care. For some aspects of this Code, these small organisations should take a pragmatic approach to, for example, the application of security classifications.

Records Management Code of Practice 2021 Scope of the Code 10 11

1.4 TYPE OF RECORDS COVERED BY THE CODE

The guidelines apply regardless of the media on which the records are held. Examples of record formats that should be managed using the guidelines from Usually these records will be on paper or digital. However, some specialties will this code: include physical records, such as physical moulds made from plaster of Paris • digital (refer to Appendix III). • paper Examples of records that should be managed using the guidelines in this • photographs, slides, and other images Code include: • microform (microfiche or microfilm) • health and care records • physical records (records made of physical material such as plaster, gypsum • registers - for example, birth, death, Accident and Emergency, theatre, and alginate moulds) minor operations • audio and video tapes, cassettes, CD-ROM etc • administrative records, for example, personnel, estates, financial and accounting records, notes associated with complaint-handling • e-mails • x-ray and imaging reports, output and images • computerised records • secondary uses records (such as records that relate to uses beyond • scanned records individual care), for example, records used for service management, planning, research • text messages (SMS) and social media (both outgoing from the NHS and incoming responses from the patient or service user) such as Twitter and Skype • metadata added to, or automatically created by, digital systems when in use. Content can sometimes be of little value if it is not accompanied by relevant metadata • websites and intranet sites that provide key information to patients or service users and staff

Appendix III provides further details about managing specific types of records, for example, complaints records.

Records Management Code of Practice 2021 Scope of the Code 12 13

Records management obligations

2.1 OVERVIEW local health and care organisations, then these records would be managed in line with the requirements of the Public Records Act 1958 where one or more of the bodies that created the joint record is a public record body. All health and care employees are responsible for managing records appropriately. Records must be managed in accordance with the law. Health and The NHS Standard Contract notes a contractual requirement on organisations care professionals also have professional responsibilities, for example, complying which are not bound by either the Public Records Act 1958 or the Local with the Caldicott Principles and records keeping standards set out by registrant Government Act 1972 to manage the records they create. There are also bodies. Whilst every employee has individual responsibilities, each organisation statutory requirements affecting both private and voluntary care providers as set should have a designated member of staff who leads on records management. out in the Private and Voluntary Health Care Regulations 2001. Each organisation should also have a policy statement on records management which is made available to staff through induction and training. Organisations Freedom of Information Act 2000 may be asked for evidence to demonstrate they operate a satisfactory records The Freedom of Information Act (FOIA) governs access to and management of management regime. non-personal public records. The FOIA was designed to create transparency in government and allow any citizen to know about the provision of public services through the right to submit a request for information. This right is only as good 2.2 LEGAL OBLIGATIONS as the ability of those organisations to supply information through good records management programmes. Records managers should adhere to the code of practice on record keeping issued by the Secretary of State for Culture, Media Public Records Act 1958 and Local Government Act 1972 and Sport, under section 46 of the FOIA. The section 46 Code of Practice is used as a statutory statement of good practice by the regulator and the courts. The Public Records Act 1958 is the principal legislation relating to public records. Records of NHS organisations are public records in accordance with Schedule 1 UK GDPR and Data Protection Act 2018 of the Act. This means that employees are responsible for any records that they create or use in the course of their duties. This includes records controlled by The UK GDPR is the principal legislation governing how records, information and NHS organisations under contractual or other joint arrangements, or as inherited personal data are managed. It sets in law how personal and special categories of legacy records of defunct NHS organisations. The Act applies regardless of the information may be processed. The Data Protection Act 2018 principles are also format of the records. The Secretary of State for Health and Social Care and all relevant to the management of records. Under the UK GDPR, organisations may NHS organisations have a duty under the Act to make arrangements for the be required to undertake Data Protection Impact Assessments (DPIA) as set out safekeeping and eventual disposal of all types of records. This is carried out in Section 3 of this Records Management Code. under the overall guidance and supervision of the Keeper of Public Records who reports annually on this to the Secretary of State for Culture, Media and Sport The UK GDPR also introduces a principle of accountability. The Information who is accountable to parliament. Commissioner’s Office (ICO) Accountability Framework can support organisations with their obligations. Good records management will help organisations to Public health and social care records, where a local authority is the provider demonstrate compliance with this principle. (or the provider is contracted to provide services to a local authority), must be managed in accordance with the requirement to make proper arrangements Health and Social Care Act 2008 under Section 224 of the Local Government Act 1972. This states that proper Regulation 17 under the Health and Social Care Act 2008 requires that arrangements must be in place with respect to any documents that belong to or health and care providers must securely maintain accurate, complete and are in the custody of the council or any of their officers. detailed records for patients or service users, employment of staff and overall management. The CQC are responsible for regulating this and have issued Where health and social care records are created as a joint record or part of a guidance on regulation 17. The CQC may have regard to the Code when system where local health and care organisations can see the records of other assessing providers’ compliance with this regulation.

Records Management Code of Practice 2021 Records Management Obligations 14 15

Other relevant legislation • Faculty of General Dental Practice

Other legislation requires information to be held as proof of an activity against • Pharmaceutical Services Negotiating Committee the eventuality of a claim. Examples of legislation include the Limitation Act • Royal College of Physicians 1980 or the Consumer Protection Act 1987. The Limitation Act sets out the length of time you can bring a legal case after an event and sets it at six years. • Social Work England This forms the basis for some of the retention periods set out in Appendix II. There are also organisations that provide advice specifically to records managers 2.3 PROFESSIONAL OBLIGATIONS and archivists. These are: • The Federation for Informatics Professionals • The National Archives Staff who are registered to a Professional body, such as the General Medical Council (GMC), Nursing and Midwifery Council (NMC) or Social Work England • The Archives and Records Association will be required to adhere to record keeping standards defined by their • The Institute of Health Records and Information Management registrant body. This is designed to guard against professional misconduct and to provide high quality care in line with the requirements of professional bodies. • Information and Records Management Society

The Academy of Medical Royal Colleges (AoMRC) generic medical record Caldicott principles keeping standards were prepared for use in the NHS, primarily in acute settings but the standards are useful for all health and care settings. The AoMRC notes The Caldicott principles outline eight areas that all health and social care staff that a medical record, whether paper or digital, must adhere to certain record are expected to adhere to in addition to the UK GDPR. keeping standards. The Royal College of Nursing has produced guidance on abbreviations and other short forms in patient or client records.

Further information about professional standards for records can be obtained from your relevant professional body. The main standard setting bodies in health and social care in England are: • Academy of Medical Royal Colleges • British Medical Association • General Medical Council • Health and Care Professions Council • Royal College of Midwives • Royal College of General Practitioners • Royal College of Nursing • Royal College of Obstetricians & Gynaecologists • Royal College of Pathologists

Records Management Code of Practice 2021 Records Management Obligations 16 17

2.4 MANAGEMENT RESPONSIBILITIES 2.5 ORGANISATIONAL POLICY

Records management should be recognised as a specific corporate responsibility Each organisation must have an overall policy statement on how it manages all within every organisation. It should provide a managerial focus for records of its records. This may be a standalone policy or part of the overall suite of IG of all types, in all formats throughout their lifecycle, from creation through policies. The policy should include details of how the organisation will use the to ultimate disposal. The records management function should have clear records it creates. For example, as well as records being used to plan and deliver responsibilities and objectives and be adequately resourced to achieve them. care, they will also be used for service improvement and research.

A designated member of staff of appropriate seniority, ideally with suitable This statement must be endorsed by the Operational Management Team, board records management qualifications, should have lead responsibility for records (or equivalent) and made available to all staff at induction and through regular management within the organisation. This could be a care home manager or updates and training. practice manager or in a larger organisation, a staff member reporting directly to a board member. This lead role should be formally acknowledged, included in The policy statement should provide a mandate for the performance of all relevant job descriptions and communicated throughout the organisation. It is records and information management functions. In particular, it should set out essential that the manager(s) responsible for the records management function an organisational commitment to create, keep, manage, and dispose of records is directly accountable to or works in close association with the manager(s) and document its principal activities in this respect. The policy should also: responsible for other information governance work areas. When new IT projects or upgrades are introduced, the person responsible for Records Management • outline the role of records management within the organisation and its should be closely involved. relationship to the organisation’s overall strategy • define roles and responsibilities within the organisation in relation to As records management activities are undertaken throughout the organisation, records, including the responsibility of individuals to document their actions mechanisms must be in place to enable the designated corporate lead to and decisions. An example is, who is responsible for the disposal of records exercise an appropriate level of management of this activity, even where there is no direct reporting line. This might include cross-departmental records and • assign responsibility for the arrangements for records appraisal, selection information working groups or individual information and records champions or and transfer for the permanent preservation of records (as required by coordinators who may also be information asset owners. section 3 (1) of the Public Records Act 1958) • provide a framework for supporting standards, procedures and guidelines All staff, whether working with clinical or administrative records, must be and regulatory requirements (such as CQC and the NHS Digital hosted Data appropriately trained so that they are competent to carry out their designated Security and Protection Toolkit) duties and fully aware of their personal responsibilities in respect of record keeping and records management. No patient or service users’ records or • indicate the way in which compliance with the policy and its supporting systems should be handled or used until training has been completed. Training standards, procedures and guidelines will be monitored and maintained must include the use of electronic records systems. It should be done through • provide the mandate for final disposal of all information by naming the generic and organisation-wide training programmes which can be department committee or group that oversees the processes and procedures or context specific. Training should be complemented by organisational policies, procedures and guidance documentation. • provide instruction on meeting the records management requirements of the FOIA and the UK GDPR

Records Management Code of Practice 2021 Records Management Obligations 18 19

The policy statement should be reviewed at regular intervals (at least once every 2.6 MONITORING RECORDS MANAGEMENT PERFORMANCE two years) and if appropriate should be amended to maintain its relevance. The policy is also an important component of the organisation’s information governance arrangements and should be referenced in the organisation’s IG Organisations may be asked for evidence to demonstrate they operate a policies or framework. satisfactory records management regime. There is a range of sanctions available if satisfactory arrangements are not in place. Sanctions vary in their severity for Organisations must also conduct an annual survey to understand the extent of both organisations and the individual. They may include: their records management responsibilities and to help inform future work-plans. It will aid organisations to know: • formal warning • what series of records it holds (and potential quantities) • professional de-registration – temporary suspension or permanent • the format of its records • regulatory intervention – leading to conditions being imposed upon an organisation, or monetary penalty issued by the ICO • the business area that created the record (and potential Information Asset Owner) • disposal potential for the coming year

Information Asset Management systems may support this process. They can help identify where records are held and whether they are being held under the correct security conditions, and in the case of health and care records, remain confidential. The process can also be used as an opportunity for asset owners to identify how long their records need to be held. The process will identify business critical assets and ensure that there are adequate business continuity measures in place to assure access.

Records Management Code of Practice 2021 Records Management Obligations 20 21

Organising records

3.1 OVERVIEW

As set out in section two, each organisation must have a policy for managing Designing and Implementing Record Keeping Systems (DIRKS) is a manual records. This section describes how to design and implement a records which led to the creation of ISO 15489-1:2016 Information and documentation management scheme, decide what a record is and arrange records. It includes - Records Management. This standard, published by the International information about the importance of metadata and security classifications. Organization for Standardization (ISO), focuses on the business principles behind records management and how organisations can establish a framework to enable a comprehensive records management programme. The standard is an eight-stage process and can be summarised as: 3.2 DESIGNING A RECORDS KEEPING SYSTEM

1. conduct preliminary investigation A record keeping system should be implemented at organisational level and within departmental standard operating procedures as appropriate. The records 2. analyse business activity lifecycle, or the information lifecycle, is a term that describes a controlled regime 3. identify requirements for records in which information is managed from the point that it is created to the point that it is either destroyed or permanently preserved as being of historical or 4. assess existing systems research interest. 5. identify strategies to satisfy requirement A records management system should cover each stage of the lifecycle: 6. design records system • creation: create and log quality information 7. implement records systems • using: use or handle 8. conduct post implementation review • retention: keep or maintain in line with NHS recommended retention schedule • appraisal: determine whether records are worthy of archival preservation • disposal: dispose appropriately according to policy

Records Management Code of Practice 2021 Organising records 22 23

The standard also describes the characteristics of a record. 3.3 CONDUCTING A DATA PROTECTION IMPACT ASSESSMENT

Record characteristic How to evidence Under UK GDPR, organisations are required to conduct Data Protection Impact It is what it purports (claims) to be Assessments (DPIAs) where there is a new or change in use of personal data and a potentially high risk to privacy. A DPIA template can be found on the ICO To have been created or sent by the person purported to have created or sent it website). Some uses require a mandatory DPIA (where processing is large scale or introduces new technologies. If you are looking to establish a new records Authentic To have been created or sent at the time purported management function, then it will be vitally important to complete a DPIA. This will highlight potential risks to privacy and data protection, allowing you Full and accurate record of the transaction or activity or fact to action, mitigate or eliminate that risk. This must be conducted prior to any Created close to the time of transaction or activity processing being carried out.

Reliable Created by individuals with direct knowledge of the facts or by When you are looking to amend a record’s function, you should check with instruments routinely involved in the transaction or activity the person responsible for records management first, for example, your record Complete and unaltered manager or your data protection officer. DPIA completion in this circumstance will depend on the amendments you are looking to make. For example, if you Protected against unauthorised alteration intend to add three racking shelves for paper HR files to the existing twenty shelves you would probably not complete a DPIA. If you were looking to send Alterations after creation can be identified as can the person your records offsite for scanning or destruction you must complete a DPIA, as Integrity making the changes this is a new process and the risk is greater. Located, retrieved, presented and interpreted

Useable Context can be established through links to other records in the transaction or activity

These characteristics allow strategies, policies and procedures to be established that will enable records to be authentic, reliable, integral and usable throughout their lifecycle.

In terms of ensuring a record is reliable, where an organisation realises that inaccurate information is being held about its patient or service users, then it should take steps to rectify the situation and make records as accurate as they can. An example of what action might be taken can be found in the Institute of Health Records and Information Management (IHRIM) - Good Practice Guidance 2020.

There are a series of other British and international standards that are used to produce record keeping systems. These all interrelate and work within the same guiding principles and where possible use the same terminology. They all rely upon defining roles and responsibilities, processes, measurement, evaluation, review and improvement.

Records Management Code of Practice 2021 Organising records 24 25

3.4 DECLARING A RECORD Key legislation, such as the UK GDPR or FOIA, applies to all recorded information of the types covered by these Acts, whether declared as a formal record or not. However, declaration makes it easier to manage information in accordance with the legislation and business needs. Requests for information made under Within the record keeping system, there must be a method of deciding: this legislation are easier to find in a logical filing system. Accumulations of • what is a record informally recorded information, which can be difficult to find, should therefore be minimised. • what needs to be kept

This process is described as ‘declaring a record’. A record can be declared at the 3.5 ORGANISING RECORDS point it is created or it can be declared at a later date. The process of declaring a record must be clear to staff. A declared record is then managed in a way that will fix it in an accessible format until it is appraised for further value or disposed Record keeping systems must have a means of physically or digitally organising of, according to retention policy that has been adopted. Some activities will be records. This is often referred to as a file plan or business classification scheme. pre-defined as creating a record that needs to be kept, such as health and care In its most basic form, a business classification scheme is a list of activities (for records or the minutes and papers of board meetings. Other records will need to example, finance or HR) arranged by business functions, however, it is often fulfil the criteria as being worth keeping, such as unique instances of a business linked to an organisation’s hierarchical structure. document or email. Datasets may also be declared as records and managed accordingly. Records should be arranged into a classification scheme, as required by ISO 15489 and the Section 46 Code of Practice. At the simplest level, the business Declared records can be held in the ‘business as usual’ systems or they can classification scheme can be anything from an arrangement of files and folders be moved into a protected area such as an Electronic Document and Records on a network to an EDRMS. The important element is that there is an organised Management System (EDRMS) depending on the record keeping system in naming convention, which is logical, and can be followed by all staff. The use. Organisations’ teams should only hold the records they need to conduct scheme can be designed in different ways. Classification schemes should try to business, locally. classify by function first. Once a recommended functional classification has been selected, the scheme can be further refined to produce a classification tree based Records and information relating to closed cases may be kept locally for a short on function, activity and transaction, for example: period of time (such as a year). This is in case a patient or service user re-presents or is re-referred. After that time, they should be moved to long-term storage Function: corporate governance for the rest of their retention period. For digital records, a system may already Activity: board minutes and associated papers be set up whereby records no longer required for current business are stored Transaction: April 2018-March 2019 (such as a dedicated network drive or space on a drive). Records should be moved there keeping operational space free for current cases or work. This will The transaction can then be assigned a rule (such as retention period), a security also restrict unnecessary access to non-current personal or sensitive data. Your status or other action based on the organisational policy. The scheme will enable organisation’s records management policy should cover what you need to do appropriate management controls to be applied and support more accurate locally in this circumstance. retrieval of information from record systems.

Records Management Code of Practice 2021 Organising records 26 27

3.6 USING METADATA TO ORGANISE AND FIND RECORDS Box label Local interpretation Metadata standard

Tiverton Community NHS Organisation name Creator Metadata is ‘data about data’ or structured information about a resource. The Trust Cabinet Office e-Government Metadata Standard states that: Midwifery Service name Creator

‘metadata makes it easier to manage or find information, be it in the Patient case records Description of record Subject or title form of webpages, electronic documents, paper files or databases and for surname A-F metadata to be effective, it needs to be structured and consistent across organisations’ 2000 Date/year of discharge Date

2025 Date/year of destruction Date The standard sets out 25 metadata elements, which are designed to form the basis for the description of all information. The standard lists four mandatory Where there is sufficient metadata it can be possible to arrange records by elements of metadata that must be present for any piece of information. their metadata alone, however, a business classification scheme would always A further three elements are mandatory if applicable and two more are be recommended. Records arranged by their metadata rather than into a recommended. classification scheme often lack ‘context’. This reduces the ability to produce an authentic record. Finding records arranged in this way is often reliant on Mandatory elements Mandatory if applicable Recommended a powerful search tool used to ‘mine’ the data or use a process called ‘digital archaeology’. This is not recommended because it is so time-consuming to Creator Accessibility Coverage determine authenticity, but it has been included in this Code as legacy record keeping systems may not have been organised logically. Date Identifier Language

Subject Publisher 3.7 APPLYING SECURITY CLASSIFICATIONS Title

The following provides a practical example of the metadata standard being used The NHS has developed a protective marking scheme for the records it creates. to produce a label to be placed on the side of a box of paper records, which are It is based on the Cabinet Office Government Security Classifications defined ready to archive: protective marking scheme which is used by both central and local government. Under the NHS Protective Marking Scheme 2014, patient data is classed as ‘NHS Confidential’.

There is no expectation that a security classification must be applied or used by all health and care organisations. For example, it would be disproportionate for a small care home or dental practice to apply NHS or Government security classifications to a small cohort of records. Whereas a large NHS rustT may want to use the NHS classification scheme.

Records Management Code of Practice 2021 Organising records 28 29

Records storage for operational use

4.1 OVERVIEW The European Commission has produced an overarching standard in this area. (Further information is available on the DLM forum foundation). The authenticity of a record is dependent on a number of factors: This section covers how to store records for operational use. It includes • sufficient metadata to allow it to remain reliable, integral and usable (refer considerations relating to both paper and digital records including the challenge to section 3) of ensuring digital records remain authentic and usable over time and the management of off-site storage. Further information about the management of • the structure of the record specific formats of records (for example, cloud-based records and records created • the business context on personally owned computers and equipment) are in Appendix III. • links between other documents that form part of the transaction the record relates to 4.2 MANAGEMENT AND STORAGE OF PAPER RECORDS The management of digital records requires constant, continual effort, and should not be underestimated. Failure to properly maintain digital records can Wherever possible, organisations should be moving to digital records. The result in doubt being raised over the authenticity of the digital image. Examples original paper record guarantees the authenticity of the record. However, it can include: make it hard to audit access to the record, depending on where this is stored, • a record with web links that do not work once they are converted to because paper records do not have automatic audit logs. Storage of paper another format, loses integrity records also will incur costs, whether in-house or offsite. This cost will only increase as the size of the holding or length of time they are stored, increases. • a record with attachments, such as hyperlinks or embedded documents that do not migrate to newer media, are not complete or integral Where possible, paper records management processes should be as • an email message that is not stored with the other records related to the environmentally friendly as possible. This will help contribute towards the NHS transaction, is not integral as there are no supporting records to give it target to reduce its carbon footprint and environmental impact. Examples context include the shredding of paper records and the end product used for recycling purposes instead of burning records in industrial furnaces. Digital information presents a unique set of issues which must be considered and overcome to ensure that records remain: 4.3 MANAGEMENT AND STORAGE OF DIGITAL RECORDS • authentic • reliable Digital records offer many advantages over paper records. They can be accessed • retain their integrity simultaneously by multiple users, take up less physical storage space and enable activities to be carried out more effectively, for example, through the use of • retain usability search functions and digital tools. Digital continuity refers to the process of maintaining digital information in Digital information must be stored in such a way that, throughout its lifecycle, such a way that the information will continue to be available as needed despite it can be recovered in an accessible format in addition to providing information advances in digital technology and the advent of newer digital platforms. about those who have accessed the record. Digital preservation ensures that digital information of continuing value remains accessible and usable.

Records Management Code of Practice 2021 Records storage for operational use 30 31

The amount of work required to maintain digital information as an authentic ‘the achievement of an appropriate level of capability by an organisation record must not be underestimated. For example, the information recorded in order for it to be able to collect, preserve, protect and analyse on an electronic health record system may need to be accessible for decades digital evidence so that this evidence can be effectively used in any (including an audit trail to show lawful access and maintain authenticity) to legal matters, in security investigations, in disciplinary matters, in an support continuity of care. Digital information must not be left unmanaged in employment tribunal or in a court of law’. the hope a file can be used in the future. The National Archives has produced a variety of technical and role-based guidance and useful checklists to support this management process. The NCSC notes that ‘it is important for each organisation to develop a forensic readiness of As there are no digital records in existence today that are of such an age, it sufficient capability and that it is matched to its business need’. is difficult to even plan continued access in an authentic form over such a timeframe. For example: Forensic readiness involves: • paper records can deteriorate over time - so can digital media as the magnetic binary code can de-magnetise in a process called ‘bit rot’ leading • specification of a policy that lays down a consistent approach to digital to unreadable or altered information, thus reducing its authenticity records • software upgrades can leave other applications unusable as they may no • detailed planning against typical (and actual) case scenarios longer run on updated operating systems • identification of (internal or external) resources that can be deployed as • media used for storage may become obsolete or degrade, and the part of those plans technology required to read them may not be commercially available • identification of where and how the associated digital evidence can be • file formats become obsolete over time as more efficient and advanced gathered that will support case investigation ones are developed • a process of continuous improvement that learns from experience

There are several strategies that can be adopted to ensure that digital information can be kept in an accessible form over time. Among the most In many organisations, forensic readiness is managed by information security or common strategies adopted are: informatics staff, but records managers need to ensure that they input to policy development and feed in case scenarios as necessary. • migration to the new systems (retaining existing formats - this is the preferred method) Where possible, electronic records management processes should be as • emulation (using software to simulate the original application) environmentally friendly as possible to help contribute towards the NHS target to reduce its carbon footprint and environmental impact. An example would be • preservation of host system to replace outdated IT servers with up to date energy efficient systems, reducing the amount of energy required for the solution. • conversion to a standard file format (or a limited number of formats)

The Digital Preservation Coalition has produced a handbook that will help organisations understand some of the issues associated with retaining digital records for long periods of time.

The UK Government National Cyber Security Centre (NCSC) provides good practice guidelines on forensic readiness and defines it as:

Records Management Code of Practice 2021 Records storage for operational use 32 33

4.4 MANAGING OFFSITE RECORDS

It is vital to highlight the importance of actively managing records stored offsite. You must conduct a DPIA if you are looking to start storing records offsite. This This applies to both paper records and records stored in cloud-based solutions is because it will be a new process for handling potentially high volumes of (refer to Appendix III for further information about cloud-based records). personal data with increased risk. A DPIA must be completed: Managing off-site records effectively will ensure that: • at the outset of entering an offsite storage contract • there is a full inventory of what is held offsite • if you have not completed one before on the service (even if it has been • retention periods are applied to each record established for a number of years) • a disposal log is kept • if you change service provider • there is evidence of secure disposal of records and information • if you change how you manage your contract or elements of it (for example, change from destruction by pulping to destruction by shredding) The National Archives has produced guidance to identify and support the • if you end the service by bringing it in-house requirements for selecting and transferring paper records and further guidance on identifying and specifying requirements for offsite storage of physical If offsite storage is currently operated by your organisation it may be worth records. It is a best practice benchmark for all organisations creating or holding conducting a DPIA to ensure current measures guard against risks to privacy. A public records and provides advice and guidance on the tracking of records at all DPIA is also evidence of due diligence, providing the outcomes are actioned. stages of the information lifecycle up to disposal. The National Archives does not provide guidance on onsite storage of operational and live records. This should be determined by the local organisation in line with this Code.

When considering using offsite storage, organisations should consider the following: • Instruction: The controller must provide clear instructions relating to all processing of offsite records including destruction of the records. • Access to site: Access to the storage site should be possible to be able to exercise due diligence, and conduct site visits if necessary. • Retrieval: Organisations will need to agree how their records will be retrieved and what timeframe they will be returned. An example would be to ensure that you can respond to subject access and FOI requests or retrieve them to dispose of when the minimum retention period has been reached.

Records Management Code of Practice 2021 Records storage for operational use 34 35 Management of records when the minimum retention period is reached

5.1 OVERVIEW

This section covers the management of records once their business need has • The way care is delivered: The records may be reflective of health or care ceased and the minimum retention period has been reached. A detailed policy at the time. retention schedule is set out in Appendix II. This section includes information • Series growth: If the records are part of a series that will be added to on the destruction and deletion of records, reviewing records for continued (type of record rather than additional content into existing records), you retention once their minimum period for retention has expired, and the need to consider space issues in your local records store or organisation selection of records for permanent preservation. It also includes information archive. For example, continued expansion of a series that is hardly recalled and advice about the transfer of records to Place of Deposits (PoD). Appendix would not justify an extension to the retention period. I relating to public Inquiries should also be considered before destroying any records. • Recall rates: If a series of records is routinely accessed to retrieve records, then there may be justification for extending the retention period due to ongoing use. Whereas, for a series of records that has a very low recall rate, 5.2 APPRAISAL continued retention may be harder to justify. • Historical value: If the record has potential historical or social value (for example, innovative new service or treatment or care delivery method), Appraisal is the process of deciding what to do with records once their business then consider retaining for longer. It would also be helpful to have early need has ceased and the minimum retention period has been reached. This can discussions with your local PoD about potential accession, even if the also be known as the disposition of records. The National Archives has produced record has ceased to be of operational value or use. PoDs will not normally guidance on appraisal. accession records before 20 years retention has passed, unless there are exceptional circumstances for early transfer. The PoD must agree to the Appraisal must be defined in a policy and any decisions must be documented transfer PRIOR to it occurring. If early discussion with the PoD indicates and linked to a mandate to act (derived from the board). Any changes to the record (or series) will not be accessioned, and you have no ongoing the status of records must also be reflected in your organisation’s Record of operational use for the record or series, then you must securely destroy Processing Activity. In no circumstances should a record or series be automatically the record, and obtain evidence of destruction (for example, destruction destroyed or deleted. certificate). • Previous deposits: The records you hold may be a continuation of a series When appraising records that have come to the end of their minimum retention that has historically been accessioned by a local PoD. It is important to find period, you should consider the following: out what has historically been accessioned from your organisation to the • Ongoing use: You might need to keep the record for longer than the PoD, so that a series of records remains complete. It is likely that records minimum period for care, legal or audit reasons. In these cases, you can set that add to an already accessioned series will continue to be taken by the an extension to the minimum period, provided it is justified and approved. PoD. • Classification of diseases (based on ICD10 code): Some health conditions may lend themselves towards a longer, or extended, retention This list is not exhaustive, and organisations may have bespoke issues to consider period. as well. • Operational delivery: The way a service was delivered may have been pioneering or innovative at the time, which may justify an extended retention period or long-term archival preservation.

Records Management Code of Practice 2021 Management of records when the minimum retention period is reached 36 37

Digital records can be appraised if they are: Destruction of paper records

• arranged in an organised filing system Paper records selected for destruction can be destroyed, subject to following • differentiated by the year of creation ISO 15489-1:2016. Destruction can be conducted in-house or under contract with an approved offsite company. If an offsite company is used, the health or care • organised by year of closure organisation, as the controller, is responsible for ensuring the provider chosen to carry out offsite destruction meets the necessary requirements and can evidence • clear about the subject of the record this. This evidence should be checked as part of due diligence (for example, if the provider says they have the ISO accreditation, then check with the ISO). If digital records have been organised in an effective file plan or an electronic Other diligence activities, such as a site visit to the contractor, should also be record keeping system, this process will be made much easier. Decisions can carried out. Destruction provider companies must provide a certification of then be applied to an entire class of records rather than reviewing each record destruction for the bulk destruction of records. This certification must be linked in turn. to a list of records, so organisations have clear evidence that particular records have been destroyed. There will be one of three outcomes from appraisal: Records that do not contain personal data or confidential material can be • destroy or delete destroyed in a less secure manner (such as confidential waste bins that do not • continued retention – this will require justification and documented provide certificates of destruction). If in doubt, material should be treated as reasons confidential and evidentially destroyed. Do not use the domestic waste or put records on a rubbish tip to destroy identifiable, confidential material, because • permanent preservation they remain accessible to anyone who finds them. The British Security Industry Association (BSIA) has provided a guide on information destruction. All appraisal decisions need to be justified, follow policy or guidance, and be Destruction of digital records documented and approved by the relevant board, committee or group of the organisation. Destruction implies a permanent action. For digital records ‘deletion’ may not meet the ISO 27001 standard as the information can or may be able to be recovered or reversed. Destruction of digital information is therefore more 5.3 DESTROYING AND DELETING RECORDS challenging. If an offsite company is used, the health and care organisation as the controller should check with the ISO whether the provider meets the necessary requirements, similar to the process for the destruction of paper If as a result of appraisal, a decision is made to destroy or delete a record, records. there must be evidence of the decision. It is good practice to get authorisation for destruction or deletion from an appointed committee or group with a One element of records management is accounting for information, so any designated function to appraise records, working to a policy or guidelines. destruction of hardware, hard drives or storage media must be auditable in Where the destruction or deletion process is new, or there is a change in the respect of the information they hold. An electronic records management system destruction process (such as a change of provider, or the method used), a DPIA will retain a metadata stub which will show what has been destroyed. must be completed and signed off by the organisation.

Records Management Code of Practice 2021 Management of records when the minimum retention period is reached 38 39

The ICO guidance Deleting personal data sets out that if information is deleted 5.4 CONTINUED RETENTION from a live environment and cannot be readily accessed, then this will suffice to remove information for the purposes of UK GDPR. Their advice is to only procure systems that will allow permanent deletion of records to allow compliance with The retention periods given in Appendix II are the minimum periods for which the law. records must be retained for health and care purposes. In most cases, it will be appropriate to dispose of records once this period has expired, unless the records Electronic systems will vary in their functionality. They may have the ability to have been selected for permanent preservation. permanently delete records from the system or not. Where a record that has reached its retention period and has been approved for destruction, then the Organisations must have procedures and policies for any instances where it record should be deleted if the system allows that function. A separate record is necessary to maintain specifically identified individual records, or group of should be kept of what record has been deleted. records (clinical or otherwise) for longer than the stated minimum, including: If a system doesn’t allow permanent deletion, then all reasonable efforts must • temporary retention be made to remove the record from normal daily use. It should be marked in • public inquiries such a way that anyone accessing the record can recognise it as a dormant or archived record. All activity in electronic systems must be auditable, and (where • ongoing access request, for example, where the ongoing processing of an appropriate) local policies and procedures should cover archived digital records. access request cuts over the minimum retention period. It would not be acceptable to dispose of a record that is part way through being processed In relation to FOIA, the ICO guidance Determining whether information is held for an access request because the minimum retention period has been advises that once the appropriate limit for costs incurred for that FOI has been reached. reached, there are no more requirements to recover information held. The only • where there is a continued business need beyond the minimum retention exemption to this would be where the organisation is instructed by a court period, and this is documented in local policy order.

The following are examples of when information cannot be destroyed or There will be occasions where care specialties will create digital records that disposed of: have different retention periods. For example, a radiology scan might need to be kept for the minimum of 8 years, and then destroyed as the record is no longer • if it is subject to a form of access request, for example, Subject Access required. Yet a different image for a similar case may need to be kept for longer Request (SAR), FOIA request due to the nature of that particular case. In these situations, organisations can • if it is required for notified legal proceedings, for example, a court order, or apply different retention times and this should be picked up at the review stage where there is reasonable prospect of legal proceedings commencing (an once the 8 years has expired. impending court case). This information will possibly be required for the exercising or defending of a legal right or claim Where records contain personal data, the decision to retain must comply with UK GDPR. Decisions for continued retention beyond the periods laid out in this • if it is required for a coroner’s inquest Code must be recorded, made in accordance with formal policies and procedures • if it is of interest to a public inquiry, for example, who will issue guidance by authorised staff and set a specific period for further review. to organisations on what kind of records they may require as part of the inquiry. Once notified, organisations can re-commence disposal, taking into Generally, where there is justification, records may be retained locally from the account what records are required by the inquiry. If in doubt, check with minimum period set in this Code, for up to 20 years from the last date at which the Inquiry Team. content was added.

Records Management Code of Practice 2021 Management of records when the minimum retention period is reached 40 41

NHS individual staff and patient records Examples of the application of Secretary of State (SoS) retention approval For NHS individual staff and patient records that have a recommended retention period beyond 20 years (for example, maternity records), these can be retained 1. A trust wishes to check the retention period for cancer/oncology for longer as specified in Appendix II, in this case for 25 years. The Secretary of records. The Code states 30 years so the records are retained for State for Digital, Culture, Media and Sport has approved the retention of NHS 20 years without the need to apply the SoS approval. The last 10 individual staff and patient records up to 20 years where this is necessary for years would be covered by SoS approval as they relate to individual continued NHS operational use. This may be reflected in an extended retention patients, providing the trust has an ongoing need and justification period beyond 20 years being mandated by the Code (such as with the maternity for continued storage. records). Where organisations use this provision locally to retain records for 2. A trust wishes to retain patient records for 16 years due to longer than 20 years, this must be documented in published policies. developments in the treatment of infectious diseases (where a patient is cared for in an isolation ward). The Code recommends It must be remembered that in some cases of health and social care, there may eight years before disposal. The trust can make a local decision to be gaps between episodes of care. If a patient or service user begins a new retain the records for 16 years. This does not need SoS approval episode of care whilst their previous record is still within agreed retention because the period is under 20 years. The decision is documented in periods, then these episodes of care will link, and the retention period will begin the trust’s published policy. The trust notes that retention beyond again at the end of the current episode. This may mean that some or all of the 20 years for these records would utilise the SoS retention approval, information from the previous episode will go over a 20-year retention mark, subject to ongoing business need and justification of the proposed but this is acceptable as it links to a more recent care episode. extended retention period.

Other types of records

For records that are not staff or patient records, for example, board minutes 5.5 RECORDS FOR PERMANENT PRESERVATION or records relating to buildings, a different arrangement is in place. Where an organisation needs to keep any other type of record beyond 20 years, then approval must be sought separately from the Secretary of State for Digital, The Public Records Act 1958 requires organisations to select records for Culture, Media and Sport. permanent preservation. Selection for transfer under this Act is separate to the operational review of records to support current service provision. It is designed This is the case even where the recommended retention period is longer in the to ensure the permanent preservation of a small core (typically 2-5%) of key Code. The Code does not recommend a minimum retention period beyond 20 records, which will: years for the majority of these types of records. However asbestos, radiation and • enable the public to understand the working of the organisation and its some building records have longer retention periods due to current legislation impact on the population it serves at the time of writing. We are progressing an application to the Advisory Council for these three types of records. Organisations should retain them for the • preserve information and evidence likely to have long-term research or retention period set out in the Code at this time. We will update the Code with archival value the outcome of that application in autumn 2021. Records for preservation must be selected in accordance with the guidance Organisations should always check current legislation. Any applications for contained in this Code. Any supplementary guidance issued by The National approval should be made to The National Archives in the first instance (asd@ Archives and local guidance from the relevant PoD should always be consulted nationalarchives.gov.uk). in advance of any possible accession. This is to ensure it is appropriate to transfer the records selected. As a rule, national organisations, such as NHS England, will accession their records to The National Archives, and local NHS and social care

Records Management Code of Practice 2021 Management of records when the minimum retention period is reached 42 43

organisations will accession their records to the local PoD, as appointed by the eminent clinicians’ work and a panel for selecting historical records. Where a Secretary of State for Culture, Media and Sport. clinician has amassed a lifetime of research or important cases these may be identified and retained. Selection may take place at any time in advance of transfer. However, the selection and transfer must take place at or before records are 20 years old. Patient or service user records for permanent preservation Records may be selected as a class (for example, all board minutes) or at lower levels down to individual files or items. Records of individual persons may also be selected and transferred to the PoD provided this is necessary and proportionate in relation to the broadly historical purposes of the Public Records Act 1958 and PoD agreement. For Records can be categorised as follows: example, individual patient files relating to a hospital that is now closed and • transfer to PoD - this class of records should normally transfer in its entirety the files are coming to the end of their retention. In West Yorkshire, a hospital, to the PoD – trivial or duplicate items can be removed prior to transfer which opened in 1919, closed in 1995 and in 2011 patient files were still being transferred to the local PoD to finish the series. All patient records for the • consider transfer to PoD - all, some or none of this class may be selected (as hospital are now at the PoD. agreed with the PoD) • no PoD interest Patient or service user confidentiality will normally prevent use for many decades after transfer and the physical resource will be substantial (for example, x number of archive boxes) therefore the transfer of patient or service users Other records should not normally be selected for transfer. Whilst there may records should only be considered where one or more of the factors listed below be occasions where records to support research are transferred (for example, apply: to support research into rare conditions), records should not be transferred just because they relate to research or with the sole purpose of preservation in • the organisation has an unusually long or complete run of records of a case they could be used for future research. The Public Records Act 1958 is not given type designed to support the routine archival of research records. Records should not • the records relate to population or environmental factors peculiar to the be transferred unless they specifically meet the criteria below. If in doubt, it is locality recommended to check with the local PoD. • the records are likely to support research into rare or long-term conditions Where it is known that particular records will be transferred to PoDs routinely, • the records relate to an event or issue of significant local or national this should be noted in the records management policy (or equivalent) alongside importance the reason for the routine transfer. Likewise, one-off transfers should also be noted for reference. It is not practical to update local policies each time a • the records relate to the development of new or unusual treatments or transfer is made. If a particular type becomes a regular transfer, this could be approaches to care, or the organisation is recognised as a national or added to the next update of the records management policy. It may be sufficient international leader in the field of medicine or care concerned to publish a link to the PoD’s public catalogue or The National Archives Discovery Catalogue to which data for transferred records is added annually. Where it • the records throw particular light on the functioning, or failure, of the is known a record will form part of the public record at creation, it must be organisation, or the NHS or social care in general preserved locally until such time it can be transferred. PoDs will know which • the records relate to a significant piece of published research types of records they will always take (such as board minutes). The National Archives is working on providing guidance on which record will always be transferred and those that might be of local interest. Any policy to select patient or service user records should only be agreed after consultation with appropriate clinicians, the group or committee responsible for The Tavistock and Portman NHS Foundation Trust has a policy for the selection records management and (if necessary), the Caldicott Guardian. This decision, of material for permanent preservation: a method for selecting the works of and the reasoning behind the decision, should be published in the minutes

Records Management Code of Practice 2021 Management of records when the minimum retention period is reached 44 45

of the meeting at which this decision is taken. Routine transfers of patient or Requests to access records held in the Place of Deposit (PoD) service user records to a PoD can be included in the records management policy of the organisation or its equivalent. Once transferred to the PoD, records will still be owned by the organisation transferring them and all relevant laws will apply. Individual records deposited Any records selected should normally be retained within the NHS or social care with PoDs are still protected by the UK GDPR, FOIA and duty of confidentiality. (under the terms of Retention Instrument 122) until the patient or service user Where records are kept for permanent preservation for reasons other than care, is deceased, or reasonably assumed to be so and then can subsequently be consideration should be given to preserving the records in an anonymised way transferred. Records no longer required for current service provision may be to protect confidentiality. Where this is not possible, then consider removing as temporarily retained pending transfer to a PoD. Records containing sensitive many identifiers as possible. If you are looking to preserve a record because the or confidential information should not normally be transferred early, unless treatment provided was innovative or highlights new ways of working, then the in agreement with the PoD. If a patient or service user expresses a wish that identity of the patient is not required. For individual care, it would be required, they do not want their health or care record transferred to a PoD, this must be as the record may need to be retrieved. respected unless the transfer is required by law. Where a local PoD holds records and access is requested, the PoD will liaise Transfers of records to the Place of Deposit with the depositing organisation before releasing any information (including any checks for SARs required by UK GDPR and any exemptions under FOIA). Records selected for permanent preservation should be transferred to the This allows for a check for any harmful information that may be in the record relevant PoD appointed by the Secretary of State for Digital, Culture, Media or if there are other grounds on which to withhold the record. Where a public and Sport. PoDs are usually public archive services provided by the relevant interest test is required, the transferring organisation must carry this out and local authority. Current contact details of PoDs and the organisations which inform the PoD of the result. The depositing organisation must make a decision should transfer to them can be found on The National Archives website. As a on what information to release and where information is withheld, explain the general rule, national public sector organisations will deposit with The National reason why (except in exceptional circumstances, for example, a court order to Archives, while local organisations will deposit with a local PoD. For example, the PoD). NHS England will deposit with The National Archives, whereas a local NHS body or local authority will deposit with the local PoD. This could be the county record Unless there are exceptional circumstances, PoDs will not normally continue to office, or a specialised facility run by local authorities for the county. apply FOI exemptions to records more than 100 years old.

There will be a mandatory requirement to transfer some types of records Where a patient or service user has died the UK GDPR no longer applies but whereas others will be subject to local agreement. The retention schedule FOIA applies regardless as to whether the individual is alive or not. The Section included with this Code identifies records which should be transferred to the 41 (confidence) exemption of FOIA and the duty of confidence remain relevant locally approved PoD when business use has ceased. There may also be records so records cannot be accessed by anyone who does not have a lawful basis to of local interest which need to be accessioned to the PoD (such as a continuation view a record. FOIA decisions indicate that, in general, health and social care of a series already accessioned). Prior to any transfer being made, a discussion information will remain confidential after death. must be had with the local PoD to enable agreement on which records will The duty of confidence does diminish over time, but it is recommended that at be transferred and the process for doing so. (Also refer to Appendix I, which least 10 years should have passed after a person’s death before reviewing the provides information about public inquiries that may impact upon the selection consequences of relaxing disclosure controls on information about a person of records for transfer). previously regarded as confidential. This review should consider the potential Transferred records should be in good condition and appropriately packed, listed harm or distress to surviving family members of disclosing information that and reviewed for any FOIA exemptions. Records selected for transfer to a PoD might be regarded as particularly sensitive or likely to attract publicity, and the (after appraisal) may continue to be exempt from public access for a specified risks that the disclosure might undermine public trust in the health and care period after transfer in accordance with Section 66 of FOIA. For more detail on the system. When a person is deceased, the Access to Health Records Act 1990 may transfer process and sensitivity review refer to The National Archives guidance. enable access to the health record for a limited purpose by specified individuals (such as those with a claim arising out of the death of the person).

Records Management Code of Practice 2021 Management of records when the minimum retention period is reached 46 47

Appendix I: Public and Statutory Inquiries Appendix II: Retention schedule

Records form an important part of the evidence in inquiries. Inquiries take into This Appendix sets out the retention period for different types of records account a huge range of records and what is required can vary by inquiry. When relating to health and care. Where indicated, Appendix III should also be an inquiry is conducted, the Inquiry Team will issue detailed guidance setting referred to. This sets out further detail relating to the management of specific out what types of records they are interested in. If you have any records that an types and formats of records. inquiry requests, you must produce them or explain why you cannot produce them. The following information is important to ensure the retention schedule is used correctly. Before any records relating to inquiries are destroyed, you must check with the Inquiries Team that they are no longer required. If you are in doubt regarding The retention periods listed in this retention schedule must always be considered records that may or may not be of use for an inquiry, you must retain them until the minimum period. With justification, a retention period can be extended there is clear instruction from the inquiry. for the majority of cases, up to 20 years (refer to section five of the Code). For more information, refer to R v Northumberland County Council and the Before considering the selection of records for permanent preservation under Information Commissioner (23 July 2015). This provides assurance that it is the Public Records Act 1958 (refer to section 5), you should discuss any inquiries legitimate to vary common practice or guidance where a well-reasoned case for with the relevant PoD to take account of exceptional local circumstances and doing so is made. defunct record types not listed here. Retention periods begin when the record ceases to be operational. This is usually At the time of writing there are two independent Inquiries which have at the point of discharge from care when the record is no longer required for requested that large parts of the health and social care sector do not destroy any current on-going business, or the patient or service user has died. There are records that are, or may fall into the remit of the Inquiry: some exceptions to this rule, whereby the retention begins from the date the record is created (for corporate records, such as policies, the retention may • The Independent Inquiry into Child Sexual Abuse (IICSA) - this is due to start from the date of publication). These are marked with an asterisk (*) in the finish in 2022. Records that should not be destroyed include children’s schedule and may also contain further information in the notes for that entry. records and any instances of allegations or investigations or any records of an institution where abuse has or may have occurred If a record comes back into use during its retention period, then the retention • The Infected Blood Inquiry - further information about the records required period will reset and begin again from the end of the second period of use. This can be found on their website may mean that records will look as if they are being kept for longer than the retention times stated here, or even maximum periods as suggested by law, but this is acceptable where retention periods reset due to use (refer to section five The Government has also committed to holding a public inquiry into its response of the Code). to the coronavirus pandemic that began in March 2020. No details of what records will be required are known at this stage, but it is likely to require records relating to policy and decision making as a minimum. The actions following review as set out in the schedule are as follows: • Review and destroy if no longer required: Destroy refers to the confidential and secure destruction of the record with proof of destruction. These will be records with no archival value and there is no longer an ongoing business need to retain them for longer. • Review and dispose of if no longer required: ’Dispose of’ refers to the secure destruction of a record OR the transferral to the appointed PoD for permanent preservation. A certificate of transfer will be provided as proof of transfer (and can act as evidence of disposal). Refer to section five of the Code for further information about permanent preservation.

Records Management Code of Practice 2021 48 49

• Review and consider transfer to PoD: This refers to records that are to its type, one record may have historical value, where a series of 200+ more likely to be transferred to the PoD, subject to their discussion and records might not. agreement about potential accession. Not all records considered for accession will be taken by the PoD. If the record has been offered and • Service delivery: The uniqueness or niche way a service is delivered may declined to be taken, and it has no further retention value, then it must be lend itself to a longer retention period. PoDs can be interested in taking securely destroyed. Where you have potentially a new series of records for records relating to services that were delivered in a unique way. the PoD, you must discuss accessioning them before any action is taken. • Call or recall of records: If a record or series has a low recall rate, it • Review and transfer to PoD: This refers to records that should be could be indicative of a shorter retention period. Likewise records that are transferred to the PoD such as trust board minutes and final annual continually in use may require a longer retention period. financial report - local agreement will already be in place to accession these. The above list is not exhaustive.

It is very important that any health and care records are reviewed before they CARE RECORDS are destroyed. This review should take into account: • serious incidents which will require records to be retained for up to 20 years as set out in the schedule Record Type Retention Disposal Notes • use of the record during the retention period which could extend its Period Action retention Adult health records not 8 years Review and Records involving • potential for long-term archival preservation - this may particularly be covered by any other consider pioneering or innovative the case where the records relate to rare conditions such as Creutzfeldt- section in this schedule transfer to treatment may have Jakob Disease records or innovative treatments, for example, new cancer (includes medical PoD archival value, and their treatments illustration records such as long term preservation x-rays and scans as well as should be discussed with video and other formats. the local PoD or The If setting a retention period not covered by this Code, there are a number of Also includes care plans) National Archives. factors to consider including: • Legal or regulatory obligations: There may be a specific legal or regulatory reason to keep a record, which may also provide guidance on Also refer to Appendix III: how long that record needs to be kept to meet that obligation. ambulance service records. • Purpose of the record: The reasons you have created the record may also help define how long you need to keep them for. A record created for medico-legal reasons may need to be for a long period of time, whereas a record created for a specific event that has no post-event actions will attract a short retention period. Adult social care records 8 years Review and (including care plans) destroy if • Number of records: The number of records in a series can help you set no longer a retention period. It is worth noting that the number of records is not required directly proportionate to a longer retention period (for example, the more records created, then the longer they must be kept). It should also be noted that the number of records is also not indicative of historical value. Due

Records Management Code of Practice 2021 50 51

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

Children’s records Up to 25th Review and Retain until 25th birthday, Electronic Patient Record Refer to Review and Where the system has (including midwifery, or 26th destroy if or 26th if the patient was 17 Systems (EPR) notes destroy if the capacity to destroy health visiting and school birthday no longer when treatment ended. no longer records in line with the nursing) - can include required required retention schedule, and medical illustrations, as where a metadata stub can well as video and audio remain, demonstrating the formats destruction, then the Code should be followed in the same way for digital as well as paper records with a log kept of destruction.

If the EPR does not have Clinical records that pre- Review and Contact your local PoD to this capacity, then once date the NHS (July 1948) transfer to arrange review and transfer. records reach the end of PoD Records not selected by their retention period, the PoD must be securely they should be made destroyed. inaccessible to system users upon decommissioning. The system (along with the audit trails) should be Dental records - clinical 15 years Review, and Based on Limitations Act retained for the retention care records destroy if 1980. This applies to all period of the last entry no longer dental care settings and the related to the schedule. required BSA. This also includes FP17 or FP17O forms. GP patient records - 10 years Review and Confidentiality generally deceased patients destroy if continues after death and Dental records - finance 2 years Review, and These include PR forms. NHS no longer records should be retained related destroy if BSA may retain financial required for medico-legal and no longer records for a minimum of possible public interest (for required 6 years. example, research) reasons. Review retention after 10 years when possible medico- legal reasons will lapse under requirements of the Limitation Act 1980. Destroy if the record holds no value for researchers. Also refer to Appendix III: GP records.

Records Management Code of Practice 2021 52 53

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

GP patient records – living Continual If the patient has not GP patient records – 100 years Review and These are cases where the patients retention been seen for 10 years, dispose of patient has de-registered or a request for transfer de-registered cases where if no longer from the practice, but to a new GP has not been the reason is unknown required the reason is unknown. It received, the GP practice would be good practice should check the Personal for GPs to check if Demographics Service (PDS) there is a reason for de- for indication of death or registration (death, missed other reason for no contact. registration at another If there is no reason to practice, emigration etc.). suggest no contact, then It is not suggested that the record must be kept by a retrospective check be the GP practice. carried out, but it would be good practice going forward to conduct a check for these cases. If they have died, or transferred to a new practice, transfer the record to NHSE or the new Once checked under provider respectively. These General Medical Services records cannot be disposed (GMS) regulations, records of as they may require should be sent to NHSE further services as they get via Primary Care Support older. England (PCSE) operational processes.

Also refer to Appendix III: GP records Also refer to Appendix III: GP records

Records Management Code of Practice 2021 54 55

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

GP patient registrations 6 years after Review and These need to be kept for Integrated records – Retain for Review and This is the most likely form the year of dispose of 6 years as GP per capita relevant consider model currently in use. registration if no longer payments are made based all organisations keep their specialty transfer to Organisations keep their required on registered patient own records, but enable period PoD own records on their numbers. Most GP practices them to be viewed by patients or service users but scan the form into the other organisations can grant ‘view only’ access patient’s electronic record to other organisations, to once it is created. The paper help them provide health form can be destroyed and care to patients or securely once the minimum service users. retention period has been reached, unless there is another reason to keep the form longer (this would Mental health records 20 years, Review and Covers records made under be identified at the review including psychology or 10 years consider the Mental Health Act stage). records after death transfer to (MHA) 1983 (and 2007 PoD amendments). Integrated records – Retain for Review and The retention time will vary period of consider depending upon which type all organisations longest transfer to of health and care settings contribute to the same specialty PoD have contributed to the Records retained solely for single instance of the record. Areas that use this any person who has been record model must have a way sectioned under MHA1983 of identifying the longest must be considered for retention period applicable longer than 20 years where to the record. the case is ongoing, or the potential for recurrence is high (based on local clinical judgment). Integrated records – Retain for Review and This is where all relevant consider organisations contribute all organisations specialty transfer to into the same record contribute to the same period PoD system but have their own record, but keep a level of area to contribute to and This applies to records of separation (refer to notes) the system still shows a patients or service users, contemporaneous view of regardless of whether they the patient record. have capacity or not.

Obstetrics, maternity, 25 years Review and For record keeping antenatal and postnatal destroy if purposes, these are records no longer considered to be as much required the child’s record as the parent, so the longer retention period should be considered.

Records Management Code of Practice 2021 56 57

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

Prison health records 10 years Review and A summary of their prison Contraception, sexual 8 or 10 Review and 8 years for the basic destroy if healthcare is sent to the health, family planning, years destroy if retention requirement but no longer person’s new GP upon Genito-Urinary Medicine no longer this is increased to 10 in required release and the record (GUM) required cases of implants or medical should be considered closed devices. If the record relates at the point of release. to a child, then retain in line with children’s records.

These records are unlikely to have long (Also refer to Appendix III: term archival value and records dealt with under the should be retained by the NHS Trusts and Primary Care organisations providing care Trusts (Sexually transmitted in the prison, or successor disease) directions 2000). organisations if the running of the service changes hands. Creutzfeldt-Jakob Disease 30 years or Review and Diagnosis records must be – patient records 10 years consider retained for clinical care after death transfer to purposes. Cancer/oncology records – 30 years, or Review and Retention for these records PoD any patient* 8 years after consider begins at diagnosis rather death transfer to than the end of operational Human Fertility and 3,10, 30 or Review and These retention periods are PoD use. For clinical care Embryology Authority 50 years destroy if set out in HFEA guidance. reasons, these records must (HFEA) records – treatment no longer be retained longer in case provided in licenced required of re-occurrence. Where centres the oncology record is part of the main records, then Long-term illness, or illness 20 years, Review and Necessary for continuation the entire record must be that may reoccur – patient or 10 years destroy if of clinical care. The primary retained. records after death no longer record of the illness and required course of treatment must be kept where the illness may reoccur or it is a life- long condition such as diabetes, arthritis or Chronic Obstructive Pulmonary Disease.

Records Management Code of Practice 2021 58 59

PHARMACY Record Type Retention Disposal Notes Period Action

Sexual Assault Referral 30 years, Review, and These records need to Centres (SARC) or 10 years destroy if be kept for medico- Record Type Retention Disposal Notes after death no longer legal reasons because an Period Action (if known) required individual may not be in a position to bring a Controlled drugs 2 years, Review and Misuse of Drugs Act 2001. NHS case against the alleged - registers (refer to destroy if England has issued guidance in perpetrator for a long time notes) no longer relation to controlled drugs. after the event. Once the required retention period is reached, a decision needs to be made about continued retention. Records cannot be kept Also refer to Appendix III: controlled indefinitely just in case drugs an individual might bring a case. Some individuals may never bring a case and indefinite retention may Controlled drugs 2 years Review, and Misuse of Drugs Act 2001. be seen as a breach of UK - order books, destroy if GDPR (keeping information requisitions etc no longer longer than necessary). required Consideration also needs to be given to the Police and Pharmacy 2 years Review and A record of the prescription will also Criminal Evidence Act 1984, prescription destroy if be held by NHS BSA and there will be Human Tissue Act 2004, records no longer an entry on the patient record. and Criminal Procedure required and Investigations Act 1996 Further advice and guidance on legal requirements (other pharmacy records can be found on the laws and regulations may Specialist Pharmacy Service website. also need to be taken into account).

Records Management Code of Practice 2021 60 61

PATHOLOGY EVENT AND TRANSACTION RECORDS

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

Pathology Refer to Review and This Code is concerned with the Blood bank 30 years Review and Need to be disposed of if there is no reports, notes consider information about a specimen or register* minimum consider on-going need to retain them (such as information transfer to sample. The length of time clinical transfer to the currently ongoing Infected Blood about samples PoD material (for example, a specimen) PoD Inquiry), subject to any transfer to the is stored will drive how long the PoD. information relating to it is retained. Sample retention can be for as long as there is a clinical need to hold it. Reports should be stored on the patient file. Clinical audit* 5 years Review and Five years from the year in which the destroy if audit was conducted. no longer required This includes the reports and data collection sheets/exercise. The data It is common for pathologists to hold itself will usually be clinical so should duplicate records. For clinical purposes, be kept for the appropriate retention these should be retained for eight years period, for example, data from adult after discharge or until a child’s 25th health records would be kept for 8 birthday. years.

Chaplaincy 2 years Review and Also refer to corporate governance records* consider records. If information is retained for 20 years, it transfer to must be appraised for historical value, PoD and a decision made about its disposal.

Clinical diaries 2 years Review and Two years after the year to which they destroy if relate. Also refer to Appendix III: specimens no longer and samples required Diaries of clinical activity and visits must be written up and transferred to the main patient record. If the information is not transferred from the diary (so the only record of the event is in the diary), then this must be retained for eight years and reviewed.

Some staff keep hardback diaries of their appointments or business meetings. If these contain no personal data, they can be disposed of after two years.

Records Management Code of Practice 2021 62 63

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

Clinical 20 years Review and Clinical protocols may have GP temporary 2 years Review and This assumes a copy has been sent to protocols* consider preservational value. They may also resident forms destroy if the responsible GP for inclusion in the transfer to be routinely captured in clinical no longer GP patient record. PoD governance meetings which may form required part of the permanent record (refer to corporate governance records).

Inspection of 11 years Review and equipment destroy if Datasets Delete with Delete in NHS Digital issue guidance through records no longer released by immediate line with the Data Access Request Service (DARS) required NHS Digital effect NHS Digital process on the retention and disposal and its instructions of data released by them. predecessors Notifiable 6 years Review and diseases book* destroy if Destruction 20 years Review and Destruction certificates created by no longer certificates, consider public bodies are not covered by a required or electronic transfer to retention instrument (if they do not metadata PoD relate to patient care and if a PoD or destruction The National Archives do not accession stub, or record them). They need to be destroyed after Operating 10 years Review and 10 years from the end of the year to of clinical 20 years. theatre consider which they relate. information records transfer to held on PoD physical media

Equipment 11 years Review and maintenance destroy and Patient 2 years Review and Two years from the end of the year to logs no longer property destroy if which they relate. required books no longer required

General 6 years Review and ophthalmic destroy if Referrals – 2 years Review and Retention period begins from the services – no longer NOT destroy if DATE OF REJECTION. These are seen as patient records required ACCEPTED no longer an ephemeral record. related to required NHS financial transactions

Records Management Code of Practice 2021 64 65

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

Requests 2 years Review and Retention period begins from the Transplantation 30 years Review and Refer to guidance issued by the Human for care destroy if DATE OF REJECTION. These are seen as records* consider Tissue Authority. funding – NOT no longer an ephemeral record. transfer to ACCEPTED required PoD

Ward 2 years Review and This information relates to the ward. handover destroy if NB: These may have potential PoD sheets* no longer Any individual sheets held by staff may interest as what the NHS or social care required be destroyed confidentially at the end can or cannot fund can sometimes of the shift. be an issue of local or national significance and public debate.

Refer to Appendix III: individual funding requests

Screening* 10 years Review and Where cancer is detected, refer to the – including destroy if cancer/oncology schedule. cervical no longer screening required – where no cancer or illness detected is returned

Screening – 10 years or Review and Treat as a child health record and children 25th birthday destroy if retain for either 10 years or up to 25th no longer birthday, whichever is the LONGER. required

Smoking 2 years Review and Retention begins at the end of the 12- cessation destroy if week quit period. no longer required

Records Management Code of Practice 2021 66 67

TELEPHONY SYSTEMS AND SERVICES BIRTHS, DEATHS AND ADOPTION RECORDS

This is related to 111 or 999 phone calls or services, Ambulance, out of hours, Record Type Retention Disposal Notes and single point of contact call centres. Period Action

Birth 25 years Review and Retention begins when the notification Record Type Retention Disposal Notes notification to destroy if is received by the child health Period Action child health no longer department. required Recorded 6 years Review and Retention period runs from the Treat as part of the child’s health conversations – destroy if date of the call and is intended record if not already stored within the which may be no longer to cover the Limitation Act 1980. health record. needed later for required Further guidance is issued by NHS clinical negligence Resolution. or other legal purposes* Birth 2 years Review and Where registers of all births that have registers* consider taken place in a particular hospital Recorded Treat as a Review and It is advisable to transfer any transfer to or birth centre exist, these will have conversations – health record destroy if relevant information into the main PoD archival value and should be retained which form part no longer record, through transcription or for 25 years and offered to the local of the health required summarisation. Call handlers may PoD at the end of the retention period. record* perform this task as part of the Information is also held by the NHS call. Where it is not possible to Birth Notification Service electronic transfer clinical information from system, and by ONS. Other information the recording to the record, the about a birth must be recorded in the recording must be considered as care record. part of the record and be retained accordingly.

Body release 2 years Review and forms* destroy if Telephony systems 1 year Review and This is the minimum specified no longer record* destroy if to meet NHS contractual required no longer requirements. required

Records Management Code of Practice 2021 68 69

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

Death – cause 2 years Review and These detail the name of the deceased Mortuary 10 years Review and Retention begins at the end of the year of death destroy if and suspected cause of death (which records of consider to which they relate. certificate no longer initially may be different to the final deceased transfer to counterfoil* required cause of death as stated on the official persons PoD death certificate). A death notification certificate is issued if a doctor is satisfied there is no suspicious or unexpected circumstances surrounding Mortuary 10 years Review and the death, and the counterfoil retained register* consider by the setting that issued the initial transfer to cause of death certificate (which is PoD used to obtain the full death certificate from a registrar of births, death and marriages). Cases referred to the coroner would not be able to issue NHS medicals 8 years or 25th Review and The health reports will feed into a certificate as the cause would be for adoption birthday consider the primary record held by the local unknown. These are unlikely to have records* transfer to authority. This means that adoption archival value. PoD records held in the NHS relate to reports that are already kept in Death - 2 years Review and A full dataset is available from ONS. another file, which is kept for 100 register consider years by the relevant agency or local information transfer to authority. Consider transferring to PoD sent to the PoD only if there are known gaps in the general primary local authority record or the registry office records pre-date 1976. on a monthly basis*

Local 100 years Review and The local authority Children’s Social Also refer to Appendix III: adopted authority consider Care Team hold the primary record persons health records adoption transfer to of the adoption process. Consider record (usually PoD transferring to PoD only if there held by the are known gaps in the primary local LA)* authority record, or the records pre- Post-mortem 10 years Review and The coroner will maintain and retain date 1976. records* destroy if the primary post-mortem file including no longer the report. Hospital post-mortem required records will not need to be kept for the same extended time period as (subject Also refer to Appendix III: adoption to local policy) these reports may also records be kept in the medical file.

Records Management Code of Practice 2021 70 71

CLINICAL TRIALS AND RESEARCH

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

Advanced medical 20 years Review and Research – ethics 5 years Review and This applies to trials where therapy research - consider committee’s and consider opinions are given to proceed with master file transfer to HRA approval transfer to the trial, or not to proceed. PoD documentation for PoD research proposal These may also have archival value. and records to process patient Clinical trials – 5 years Review and Master file of a trial authorised information without applications for consider under the European portal, under consent ethical approval transfer to Regulation 536/2014. PoD For clinical trials records retention Research – ethics 20 years Review and Retention period begins from the refer to the MHRA guidance. committee’s minutes consider year to which they relate and can (including records transfer to be as long as 20 years. Committee The sponsor of the study will be to process patient PoD minutes must be transferred to the primary holder of the study file information without PoD. and associated data. consent)

This is based on the Medicines for Human Use (Clinical Trials) Amendment Regulations 2006 (specifically Regulations 18 and 28).

European 15 years Review and Commission consider Authorisation transfer to (certificate or letter) PoD to enable marketing and sale within EU member state’s area

Research - datasets No longer Review and than 20 consider years transfer to PoD

Records Management Code of Practice 2021 72 73

CORPORATE GOVERNANCE Record Type Retention Disposal Notes Period Action

Committees 6 years Review and Includes minor meetings, projects, Record Type Retention Disposal Notes (minor) – not consider and departmental business Period Action listed in scheme of transfer to meetings. delegation* PoD Board meetings* Up to 20 years Review and A local decision can be made on These may have local historical transfer to how long to retain the minutes of value and require transfer PoD board meetings (and associated consideration. papers linked to the board meeting), but this must not exceed 20 years, and will be required to be transferred to the local PoD Corporate records Review, and Contact your local PoD to arrange or The National Archives (for of health and care transfer to review and transfer. Records National Bodies). organisations and PoD not selected by the PoD must be providers that pre- securely destroyed. An example date the NHS (July might be the minutes of the 1948) hospital board from 1932, or Board meetings Up to 20 years Review and Although these may still contain midwifery diaries dated Dec 1922. (closed boards)* transfer to confidential or sensitive material, PoD they are still a public record and Data Protection 6 years Review and Should be kept for the life of the must be transferred at 20 years, Impact destroy if activity to which it relates, plus six and any FOI exemptions noted, Assessments no longer years after that activity ends. If the or indications that the duty of (DPIAs) required DPIA was one -off, then 6 years confidentiality applies. from completion.

Chief Executive Up to 20 years Review and This may include emails and Destruction 20 years Review and Where a record is listed for records* transfer to correspondence where they are certificates dispose of potential transfer to PoD have PoD not already included in board or record of if no longer been destroyed without adequate papers. information held required appraisal, consideration should on destroyed be given to a selection of these as Committees Up to 20 years Review and physical media an indicator of what has not been (major) – listed transfer to preserved. in Scheme of PoD delegation or report direct into the board Electronic Refer to destruction certificates. (including major metadata projects)* destruction stubs

Incidents – serious 20 years Review and Retention begins from the date consider of the Incident – not when the transfer to incident was reported. PoD

Records Management Code of Practice 2021 74 75

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

Incidents – not 10 years Review and Retention begins from the date Policies, strategies Life of Review and Retention begins from when serious destroy if of the incident – not when the and operating organisation consider the document is approved, until no longer incident was reported. procedures – plus 6 years transfer to superseded. If the retention period required including business PoD reaches 20 years from the date of plans* approval, then consider transfer to PoD.

Incidents – serious 20 years Review and These include independent incidents requiring consider investigations into incidents. These investigation transfer to may have permanent retention Quarterly reviews 6 years Review and Retention period in accordance PoD value so consult with the local from NHS trusts destroy if with the Limitation Act 1980. PoD. If they are not required, then no longer destroy. required

Non-clinical QA 12 years Review and Retention begins from the end of Risk registers 6 years Review and Retention period in accordance records destroy if the year to which the assurance destroy if with the Limitation Act and no longer relates. no longer corporate awareness of risks. required required

Staff surveys – 1 year after Review and Forms are anonymous so do not individual returns return destroy if contain PID unless provided in free Patient advice 10 years Review and Retention begins from the close and analysis no longer text boxes. May be required again and liaison service destroy if of the financial year to which the required if analysis is reviewed. (PALS) records no longer record relates. required

Staff surveys – final 10 years Review and Organisations may want to keep report consider final reports for longer than the Patient surveys – 1 year after Review and May be required again if analysis is transfer to raw data and analysis, for trend individual returns return destroy if reviewed. PoD analysis over time. This period and analysis no longer can be extended, provided there required is justification and organisational approval.

Trust submission 6 years Review and Retention period in accordance Patient surveys – 10 years Review and Organisations may want to keep forms destroy if with the Limitation Act 1980. final report consider final reports for longer than the no longer transfer to raw data and analysis, for trend required PoD analysis over time. This period can be extended, provided there is justification and organisational approval.

Records Management Code of Practice 2021 76 77

COMMUNICATIONS STAFF RECORDS AND OCCUPATIONAL HEALTH

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

Intranet site* 6 years Review and Duty roster 6 years Review and Retention begins from the consider if no longer close of the financial year. transfer to needed PoD destroy

Patient 6 years Review and These do not need to be leaflets from Exposure monitoring 40 years or Review and A) Where the record is information consider every part of the organisation. A information 5 years from if no longer representative of the leaflets transfer to central copy can be kept for potential the date of needed personal exposures of PoD transfer. the last entry destroy identifiable employees, for made in it at least 40 years or B) In any other case, for at least 5 years. Press releases and 6 years Review and Press releases may form part of a important internal consider significant part of the public record of Occupational health Keep until Review and communications transfer to an organisation which may need to be reports 75th birthday if no longer PoD retained. or 6 years needed after the destroy staff member leaves Public 5 years Review and Whilst these have a shorter retention whichever is consultations consider period, there may be wider public sooner transfer to interest in the outcome of the PoD consultation (particularly where this Occupational health Keep until Review and resulted in changes to the services report of staff member 75th birthday if no longer provided) and so may have historical under health surveillance needed value. destroy

Occupational health 50 years from Review and report of staff member the date of if no longer Website* 6 years Review and The PoD may be able to receive these under health surveillance the last entry needed consider by a regular crawl. Consult with the where they have been or until 75th destroy transfer to PoD on how to manage the process. subject to radiation doses birthday, PoD Websites are complex objects, but whichever is crawls can be made more effective if longer certain steps are taken.

Records Management Code of Practice 2021 78 79

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

Staff record Keep until Review, and This includes (but is not Timesheets (original 2 years Review and Retention begins from 75th birthday consider limited to) evidence of record) if no longer creation. (see notes) transfer to right to work, security needed PoD checks and recruitment destroy documentation for the successful candidate Staff training records See notes Review and Records of significant including job adverts and consider training must be kept until application forms. transfer to a 75th birthday or 6 years PoD after the staff member Some PoDs accession NHS leaves. It can be difficult staff records for social to categorise staff training history purposes. Check records as significant as with your local PoD about this can depend upon the possible accession. staff member’s role. The following is recommended: If the PoD does not accession them, then the clinical training records records can be securely - to be retained until 75th destroyed once the birthday or six years after retention period has been the staff member leaves, reached. whichever is the longer

Staff record - summary 75th Birthday Review, and Please see the good statutory and consider practice box staff record mandatory training transfer to summary used by an records - to be kept for PoD organisation. ten years after training completed Some organisations create summaries after a period of other training records time since the staff member - keep for six years after left (usually 6 years). This training completed practice is ok to continue if this is what currently Disciplinary records Retain for 6 Review and Retention begins once occurs. The summary, years destroy if the case is heard and any however, needs to be kept no longer appeal process completed. until the staff member’s required The record may be retained 75th birthday, and then for longer, but this will be a consider transferring to local decision based on the PoD. facts of the case. The more serious the case, the more If the PoD does not require likely it will attract a longer them, then they can be retention period. Likewise, securely destroyed at this a one-off incident may point. need to only be kept for the minimum time stated. This applies to all cases, regardless of format.

Records Management Code of Practice 2021 80 81

PROCUREMENT ESTATES

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

Contracts sealed or Retain for 6 Review and Building plans, Lifetime (or Review and Building plans and records of works unsealed years after if no longer including records disposal) consider are potentially of historical interest the end of needed of major building of building transfer to and where possible, should be kept the contract destroy works plus 6 years PoD and transferred to the local PoD.

Contracts - financial Retain for 15 Review and Closed circuit Refer to Review and The length of retention must be approval files years after if no longer television (CCTV) ICO Code destroy if determined by the purpose for which the end of needed of Practice no longer the CCTV has been used. the contract destroy required CCTV footage must remain viewable Contracts - financial Retain for 11 Review and for the length of time it is retained,

approved suppliers years after if no longer and where possible, systems documentation the end of needed should have redaction or censoring the contract destroy functionality to be able to blank out the faces of people who are Tenders (successful) Retain for 6 Review and captured by the CCTV, but not subject years after if no longer to the access request, for example, the end of needed police reviewing CCTV as part of an the contract destroy investigation.

Tenders (unsuccessful) Retain for 6 Review and Equipment 40 years Review and Retention begins from the completion years after if no longer monitoring, destroy if of the monitoring or testing. the end of needed and testing and no longer the contract destroy maintenance required This includes records of air monitoring work where and health records relating to asbestos ASBESTOS is a exposure, as required by the Control of factor Asbestos Regulations 2012.

Equipment Lifetime of Review and Retention begins from the completion monitoring – installation destroy if of the testing and maintenance. general testing no longer and maintenance required work

Inspection reports Lifetime of Review and Retention begins at the END of the installation dispose of installation period. if no longer required Building inspection records need to comply with the Construction (Design and Management) Regulations 2015.

Records Management Code of Practice 2021 82 83

FINANCE Record Type Retention Disposal Notes Period Action

Leases 12 years Review and Retention begins at point of lease destroy if termination. Record Type Retention Disposal Notes no longer Period Action required Accounts 3 years Review and Retention begins at the CLOSE of Minor building 6 years Review and Retention begins at the point of destroy if the financial year to which they works destroy if WORKS COMPLETION. no longer relate. no longer required required Includes all associated documentation and records for the Photographic Up to 20 Review and These provide a visual historical legacy purpose of audit. collections – years consider of the running and operation of an service locations, transfer to organisation. They may also provide Benefactions 8 years Review and These may already be in the events and PoD secondary uses, such as use in public consider financial accounts and may be activities inquiries. transfer to captured in other reports, records PoD or committee papers. Radioactive 30 years Review and Retention begins at the CREATION of Benefactions, endowments, trust records destroy if the waste. no longer fund or legacies should be offered required If a person handling radioactive waste to the local PoD. is exposed to radiation (accidental or otherwise), then the records relating to that person must be kept until they reach 75 years of age or would have Debtors’ records – 2 years Review and Retention begins at the CLOSE of attained that age. CLEARED destroy if the financial year to which they In any event, records must be kept no longer relate. for at least 30 years from the date of required dosing or accident. This also includes patients or service users who require medical exposure to Debtors’ records – 6 years Review and Retention begins at the CLOSE of radiation, as required by the Ionising NOT CLEARED destroy if the financial year to which they Radiation Regulations 2017. no longer relate. required Sterilix 11 years Review and Retention begins from the DATE OF Endoscopic destroy if TEST. Disinfector Daily no longer Water Cycle required Donations 6 years Review and Retention begins at the CLOSE of Test, Purge Test, destroy if the financial year to which they Ninhyndrin Test no longer relate. required Surveys – building Lifetime of Review and Retention period begins at the END of or installation installation consider INSTALLATION period. (not patient or building transfer to surveys) PoD (See Inspection reports for legal basis for these records)

Records Management Code of Practice 2021 84 85

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

Expenses 6 years Review and Retention begins at the CLOSE of Staff salary 10 years Review and Retention begins at the CLOSE of destroy if the financial year to which they information or destroy if the financial year to which they no longer relate. files no longer relate. required required

Final annual Up to 20 years Review and These should be transferred when Superannuation 10 years Review and Retention begins at the CLOSE of accounts report* transfer to practically possible, after being records destroy if the financial year to which they PoD retained locally for a minimum no longer relate. of 6 years. Ideally, these will be required transferred with board papers for that year to keep a complete set of governance papers.

Financial 6 years Review and Retention begins at the CLOSE of transaction destroy if the financial year to which they records no longer relate. required

Invoices 6 years from Review and end of the destroy if financial year no longer they relate to required

Petty cash 2 years Review and Retention begins at the CLOSE of destroy if the financial year to which they no longer relate. required

Private Finance Lifetime of Review and Retention begins at the END of the Initiatives (PFI) PFI consider PFI agreement. This applies to the files transfer to key papers only in the PFI. PoD

Records Management Code of Practice 2021 86 87

LEGAL, COMPLAINTS AND INFORMATION RIGHTS

Record Type Retention Disposal Notes Record Type Retention Disposal Notes Period Action Period Action

Complaints – case 10 years Review and Retention begins at the CLOSURE Industrial 10 years Review and Retention begins at the CLOSE files destroy if of the complaint. relations – consider of the financial year to which it no longer including transfer to relates. Some organisations may required The complaint is not closed until all tribunal case PoD record these as part of the staff processes (including potential and records record, but in most cases, they actual litigation) have ended. should form a distinctive separate record (like complaints files). The detailed complaint file must be kept separately from the patient Litigation records 10 years Review and Retention begins at the CLOSURE file (if the complaint is raised consider of the case. Litigation cases of by a patient or in relation to). transfer to significant or major issues (or with Complaints files must always be PoD significant, major outcomes) should separate. be considered for transfer. Minor cases should not be considered for (Also refer to Appendix III: transfer. If in doubt, consult with complaints records) the PoD.

Fraud – case files 6 years Review and Retention begins at the CLOSURE Intel patents, Lifetime Review and Retention begins at the END destroy if of the case. This also includes trademarks, of patent, consider of lifetime or patent, or no longer cases that are both proven and copyright, IP or 6 years transfer to TERMINATION of licence or action. required unproven. from end of PoD licence or Freedom of 3 years Review and Retention begins from the action Information destroy if CLOSURE of the FOI request. (FOI) requests, no longer Where redactions have been Software licences Lifetime of Review and Retention begins at the END of responses to required made, it is important to keep a software destroy if lifetime of software. the request copy of the response and send to no longer and associated the requestor. In all cases, a log required correspondence must be kept of requests and the response sent. Subject Access 3 years Review and Retention begins at the CLOSURE Requests (SAR), destroy if of the SAR. FOI requests – 6 years Review and Retention begins from the response, and no longer where there has destroy if CLOSURE of the appeal process. subsequent required been an appeal no longer correspondence required SAR – where 6 years Review and Retention begins at CLOSURE of there has been destroy if appeal. an appeal no longer required

Records Management Code of Practice 2021 88 89

Appendix III: How to deal with specific types of records

This Appendix provides detailed advice on records management relating to Asylum seeker records specific types of records for example, transgender records, witness protection records and adopted persons records. These are presented in alphabetical order. Records for asylum seekers must be treated in exactly the same way as other care It also provides advice on managing certain formats of records, for example, records, allowing for clinical continuity and evidence of professional conduct. emails, cloud-based records and scanned records. Organisations may decide to give asylum seekers patient or service user held records (section below) or hold them themselves. Patient or service user held records should be subject to a risk assessment because the record legally belongs TYPE OF RECORD to the organisation, and if required, they must be able to get it back. There is a risk that patient or service user held records could be tampered with or altered in an unauthorised way so careful consideration needs to be given to this decision. Adopted persons health records

Notwithstanding any other centrally issued guidance by the Department of Audio and visual records Health and Social Care or Department for Education, the records of adopted persons can only be placed under the new last name when an adoption order Audio and visual records can take many forms such as using a dictaphone (digital has been granted. Before an adoption order is granted, an alias may be used but or analogue) to record a session or conducting a health or care interaction using more commonly the birth names are used. videoconferencing technologies.

Depending on the circumstances of the adoption there may be a need to protect The following needs considering when patient or service user interactions are from disclosure any information about a third party. Additional checks before captured in this way: any disclosure of adoption documentation are recommended because of the heightened risk of accidental disclosure. • Clinical appropriateness: Organisations should decide when it is appropriate to use audio or visual methods for the provision of health or care. This should be documented in organisational policies and understood It is important that any new records, if created, contain sufficient information by the relevant health and care professionals. to allow for a continuity of care. At present the GP would initiate any change of NHS number or identity if it were considered appropriate to do so following the • Retention: If the recording is going to be kept elsewhere (for example, adoption. as part of the health and care record) then there is no reason to keep the original recording provided the version in the main record is the same Ambulance service records as the original or there is a summary into words which is accurate and adequate for its purpose. If the recording is the only version or instance Ambulance service records will contain evidence of clinical interventions of the interaction, then it must be kept for the relevant retention period delivered and are therefore clinical records. This means that they must be outlined in this Code (for example, adult, child health or mental health retained for the same time as other acute or mental health clinical records retention periods). Some recordings may have archival value (although this depending on where the person is taken to for treatment. Where ambulance is unlikely), and this should be considered on a case-by-case basis. service records are not clinical in nature, they must be kept as administrative records. There is a distinction between records of patient transport and records • Digital continuity: You must consider the medium on which the recording of clinical intervention. If the ambulance clinical record is handed over to is made and ensure that it is available throughout its retention period (for another service or NHS trust, there must be a means by which the ambulance example, if the system or file format is becoming obsolete, then you will trust can obtain them again if necessary. Alternatively, they can be copied and need to migrate it to a newer platform or format to ensure availability). only the copy transferred, providing this is legible. If it is a digital recording and you are looking to store it in the health and care record, ensure the transfer process captures the authenticity of the recording kept.

Records Management Code of Practice 2021 90 91

• Storage: Ensure your recordings are stored on systems you control or health and care professional involved in providing individual care in order to are provided to you under contract. If stored with the product provider, make improvements in care delivery. However, there may also be times where you must give them (as controller) clear instructions on the storage and the complaint is about an individual but not care related and it might not be retention of those images (for example, delete one month after the date appropriate to share details of the complaint with that person, in case further of the recording because it has been summarised into the main health and action is required. The Complaints Team should review each complaint on a case- care record, or retain for 8 years from consultation with the patient or by-case basis. service user, then destroy). Providers acting under contract to a controller are obliged to carry out their written instruction. Where multiple teams are involved in the complaint handling, all the associated • Transparency: You must be transparent with patients and service users records must be brought together to form a single record. This will prevent the regarding the use of audio and visual technology, and associated records, situation where one part of the organisation does not know what the other has so that they have a reasonable understanding of how they will be used, done. A complaint cannot be fully investigated if the investigation is based on why, and what will happen with the recording after the interaction. For incomplete information. It is common for the patient or service user to ask to see example, it would be unfair to tell participants that the recordings are a copy of their complaint file and it will be easier to deal with if all the relevant deleted if they are not. material is in one file. Where complaints are referred to the Ombudsman Service, a single file will be easier to refer to.

Child school health records Health and care organisations should have a local policy to follow with regards to complaints, covering how information will be used once any complaint is Similar to family records (refer to page 94), each child should have their own raised, and after the complaint has been investigated, regardless of outcome. school health record rather than a record for the school (with consecutive The ICO has also issued guidance on complaints files and who can have access to entries) or per year intake. If a child transfers to a school under a different local them, which will drive what must be stored in them. authority, then the record will also need to be transferred to the new school health service provider. This must only be done once it is confirmed the child is now resident in the new location. The record must be transferred securely. The Contract change records recipient of the record should contact the sender to confirm receiving the record Once a contract ends, any service provider still has a liability for the work they (if appropriate). If the records are kept on school premises, then access must be have done and, as a general rule, at any change of contract the records must be restricted to health staff delivering care or other staff who have a legitimate retained until the time period for liability has expired. reason to access them. In the standard NHS contract there is an option to allow the commissioner to Local organisations may operate a paper or digital system. Records from other direct a transfer of care records to a new provider for continuity of service Child Health Teams, following a referral, must be accepted by the receiving and this includes third parties and those working under any qualified provider organisation regardless of format. This is due to safeguarding risks. contracts. This will usually be to ensure the continuity of service provision (for current cases) upon termination of the contract. It is also the case that after the Complaints records contract period has ended, the previous provider will remain liable for their work. In this instance there may be a need to make the records available for Where a patient or service user complains about a service, it is necessary to keep continuity of care or for professional conduct cases. a separate file relating to the complaint and subsequent investigation. Detailed complaint information should never be recorded in the health and care record. A complaint may be unfounded or involve third parties and the inclusion of that When a service is taken over by a new provider, the records of the service information in the health or care record will mean that the information will be (current and discharged cases) all transfer to the new provider (unless directed preserved for the life of the record and could cause detrimental prejudice to the otherwise by the commissioner of the service). This is to ensure that the records relationship between the patient or service user and the Health and Care Team. for the service remain complete and enable patients or service users to obtain In some cases, it may be appropriate to share details of the complaint with the their record if they so request it. It also makes the records easier to locate if they

Records Management Code of Practice 2021 92 93

are required for other purposes. This will also stop the fragmentation of the Continuing healthcare (CHC) records archive records for the service and make it much easier to retrieve records. Continuing healthcare records can be split into two parts: Where legislation creates or disbands public sector organisations, the legislation • Care record: The care record is the information relating to a patient or will normally specify which organisation holds liability for any action conducted service user’s care that enables the CHC panel to determine eligibility for by a former organisation. This may also include consideration of the identity of CHC based on an assessment of needs. This can be provided directly by the legal entity, which must manage the records. the patient or service user or obtained from health and care providers as part of the eligibility process. Consent to obtain this information would be In some cases, records may end up orphaned. This may happen where the required to satisfy the duty of confidence. The initial checklist completed organisation that created them is being disbanded and there is no successor by the referrer may also contain some level of confidential information and organisation to take over the service or provision. In these cases, orphaned this may also be used to determine eligibility. records need to be retained by the highest level commissioner of that service or provision. For example, if a GP practice closes, patients will be offered the • Administrative record: The administrative record is the information used choice to register with another nearby practice. When they register with the by the CCG to ensure the CHC process runs effectively - an example being new practice, the record will follow the patient to that new practice. However, appointment letters asking the patient or service user to attend a panel. if a practice closes, and the patient does not re-register elsewhere, the record CCGs require access to health and care information to determine a patient will transfer to NHS England and Improvement, who commission primary care or service user’s entitlement (once the CCG has been notified). services in England for ongoing management. CHC activity is covered in law by the 2012 Commissioning Board and NHS CCG Where the content of records is confidential, for example, health and care Regulations. This means consent is not required to process personal data in records, it will be necessary to inform the individuals concerned about the relation to CHC but consent will be required to satisfy the duty of confidence. change. Where there is little impact upon those receiving care, it may be CCGs will need to have systems in place to allow for the safe and secure sharing sufficient to use posters and leaflets to inform people about the change, but of patient or service user information with relevant partners as necessary, and more significant changes will require individual communications. Although to inform patient or service users of how their data will be used as part of this the conditions of UK GDPR may be satisfied, in many cases there is still a duty process. Digital viewing and sharing of records may be preferable to paper of confidentiality which may require a patient or service user (in some cases) copies being printed and used for CHC, due to the risk of accidental loss or to agree to the transfer, dependent upon the legal basis and the implications disclosure. of their choice discussed with them. If the new provider has a statutory duty to provide the service, then consent does not need to be sought. If there is no CHC records should be kept for the same period of time as adult and child health statutory duty, then consent would need to be sought to satisfy the common law records, from the date the case is decided by the CHC panel. Where CHC cases duty of confidentiality. relate to mental health, these should be kept for the same period of time as mental health records. It is vital to highlight the importance of actively managing records, which are stored in offsite storage (refer to section three of the Code for further Controlled drugs regime information on offsite storage including the importance of completing a DPIA). NHS England, in conjunction with the NHS Business Services Authority, has These principles and guidance can also apply to non-clinical situations as well, established procedures for handling information relating to controlled drugs. such as when CCGs merge or a trust takes over the running of another one. This guidance includes conditions for storage, retention and destruction of information. Where information about controlled drugs is held please refer to NHS England guidance. Annex 1 of this Appendix summarises the considerations and actions required relating to various contract change situations.

Records Management Code of Practice 2021 94 95

Duplicate records General Practitioner records

The person or team to which the record relates will normally hold the original It is important to note that the General Practitioner (GP) record, usually record however occasionally duplicates may be created for legitimate business held by the General Practice, is the primary record of care and the majority purposes. It is not necessary to keep duplicates of the same record unless it is of other services must inform the GP through a discharge note or a clinical used in another process and is then a part of a new record. Where this is not correspondence that the patient has received care. This record is to be retained required, the original should be kept, and the duplicate destroyed. For example, for the life of the patient plus at least ten years after death. The GP record incident forms, once the data is entered into the risk information system, the transfers with the individual as they change GP throughout their lifetime. Where paper is now a duplicate, and so can be destroyed. Some clinical systems allow the patient has de-registered, records should be kept for 100 years since de- printouts of digital records. Where printouts are used, these must be marked as registration. A review is taking place to ascertain how long this period should be duplicates or copies to help prevent them from being used as the primary record. in the going forwards.

Evidence required for courts Current guidance advises that the content of paper Lloyd George records should only be destroyed once they have been scanned to the required standard and In UK Law, the civil procedure rules allow evidence to be prepared for court quality assurance of the scanned images has been completed, confirming that and, as part of this, the parties in litigation can agree what documents they will they are a like for like copy of the original paper records. The Lloyd George disclose to the other party and, if required, dispute authenticity. The disclosure envelope itself should not be destroyed at the current time and must be kept of digital records is referred to as E-Disclosure or E-Discovery. The relevant part to meet with the requirements for patient record movement. NHS England for disclosure and admissibility of evidence is given in the Ministry of Justice’s undertook a project to cease the creation of Lloyd George envelopes for all new Civil Procedure Rules - Part 3. If records are arranged in an organised filing entrants to the NHS, which was implemented in January 2021 (except in limited system, such as a business classification scheme, or all the relevant information circumstances). They are also looking at ways to enable destruction of existing is placed on the patient or client file, providing records as evidence will be Lloyd George envelopes, though this aspect may have a longer implementation much easier. Further advice on electronic records and evidential weighting timeframe. This Code will be updated as the programme develops. can be found in BIP10008: Evidential Weight and Admissibility of Electronic Information. Individual funding requests (IFRs)

Family records Similar to CHC, IFR cases are mainly administrative records, but also contain large amounts of personal/confidential patient information and as such, should be Family records used to be common within health visiting teams, amongst others, treated in the same way as CHC records. where a whole family view was needed to deliver care. Whilst these records should no longer be created, they are included here for legacy reasons. As IFRs are unique to an individual, it may be that the care package given to the patient or service user is unique and bespoke to that person. This could mean Due to changes in the law and best practice, it is not advisable to create a single that the record may have long-term archival value, due to the uniqueness of paper or digital record that contains the care given to all family members. Each the care given in this way, and so potentially may be of interest to The National person is entitled to privacy and confidentiality, and having all a person’s records Archives. Local discussions should be held with the PoD to determine the level in one place could result in a health professional or family member accessing of local interest, although they would not normally get involved at this level confidential information of another family member accidentally or otherwise. of discussion. It would be a joint discussion on the principle and agreement to archive this type of record and then the responsibility of the health and care Good practice would be to create an individual file for each person but with cross organisation to choose individual records that meet this criteria. references to other family members. This means that each individual has their own record, but health and care professionals can see who else is related to that person, and so can check these records where necessary. Single records also help to protect privacy and confidentiality and (if digital) keep an audit trail of access.

Records Management Code of Practice 2021 96 97

Integrated records Where organisations are looking to create integrated records, they must enter into a joint controller arrangement, which detail the purpose and method of Since 2013, there has been an increase in the number of initiatives promoted integrated records. It should also set out how disputes between controllers may and launched that involve integrated records. There has also been recognition be resolved. Information materials for patient or service users must also reflect nationally that joined up delivery of health and care services can increase how their records are used. the quality of care delivered, and also deliver those services more efficiently. Examples include: Increasingly, where organisations are using this type of system, the information • NHS England Vanguard Programme contained within has the potential to be used for purposes other than individual care, such as Population Health Management (PHM). PHM is a tool that is • Sustainability and Transformation Plans (STPs) increasingly being used to help plan and prepare care provision in a particular • Integrated Care Services (ICS) geographical area or specialty. See also the section on Integrated viewing technology and record keeping in the format section below. • Local Health and Care Records (LHCR) NHSX has published an Information Governance Framework for Shared Care Depending on the agreements under which integrated records are established Records, which provides further guidance. these may be subject to the Public Records Act. Generally, if an NHS body is at least partly responsible for the creation and control of the record, it will Occupational health (OH) records normally be considered a public record to be managed in accordance with the Occupational health records are not part of the main staff record and for Act. The relevant PoD should be notified that this is the case. If in doubt, consult reasons of confidentiality they are held separately. It is permitted for reports or with The National Archives. summaries to be held in the main staff record where these have been requested by the employer and agreed by the staff member. When occupational health The options for organisations will depend on what local architecture and records are outsourced, the organisation must ensure that: systems are already in use. There are three types of retention for integrated records, and suggested retention periods for each. • staff are aware of the outsourcing and how their information may be used for OH purposes 1. All organisations contribute to a single record, creating the only record for that patient or service user. Consideration must be given to how this is • the contractor can comply as necessary with data protection and managed in practice (for example, some records will be retained for 8 years confidentiality requirements and some for 20 years but they will look the same at face value) (retain for • there is a contract in place with the outsourced provider that has legally the longest specialty period involved). binding clauses in relation to data protection and confidentiality 2. All organisations pool their records into a single place but keep a level of • the contractor can retain records for the necessary period after the separation between each type of record (retain for each specialty as termination of contract for purposes of adequately recording any work- applicable – because they are not merged) based health issues and is able to present them to the organisation if 3. All organisations keep their own records, but allow others to view required their records, but not amend or add to (retain for each specialty as applicable – because they are not merged)

Records Management Code of Practice 2021 98 99

Pandemic records Organisations must be able to produce a record of their work, which includes services delivered in the home where the individual holds the record. Upon the Health and care organisations will create records as part of a response to a termination of treatment, where the records are the sole evidence of the course global pandemic. Pandemic events are rare but will nevertheless create records of treatment or care, they must be recovered and given back to the issuing that need to be managed. organisation.

Both patient and service user records will be created that detail the care given to A copy can be provided if the individual wishes to retain a copy of the records people affected by the pandemic. Corporate records will also be created which through the SAR process. In cases where the individual retains the actual record record business decisions, policies and processes that were taken in response to a after care, the organisation must be satisfied it has a record of the contents. pandemic. Patient or service user portals These records should be managed in accordance with the retention schedules set out in this Code. Organisations should be mindful that a public inquiry (or Organisations may implement products that provide patients and service users inquiries) is likely to take place after a pandemic so the pandemic related records with access to their records. Access may be either online or via an app or portal. could be used or requested as part of that Inquiry. The Government has already There are increasing numbers of commercial organisations that are providing agreed to hold a public inquiry into the coronavirus pandemic that began in these products. 2020. The provision of these products must comply with data protection legislation. If organisations have created records specifically in response to a pandemic, Health and care organisations must conduct a DPIA if they are considering using these should not be destroyed when they have reached their minimum retention such a product. Health and care organisations must remain controller for the period, unless the public inquiry has ended, or the Inquiry has provided guidance patient or service user’s information. In most cases, the supplier of the product on what type of records it will be interested in. These specific records may have or system will be a processor as the product facilitates access to the information historical value, so discussions should take place with your local PoD. A policy held by health and care organisations. on how to manage a new admission to a care home of an individual with a coronavirus diagnosis may be of interest to the PoD, whereas the care record Controllers must consider what is relevant and proportionate to include in this might not have the same value and should be managed as a health and care type of record. Some information may not be appropriate to add to the portal, record. Any guidance or advice issued by The National Archives or your local PoD for example, harmful information a patient does not know yet because the in relation to the preservation of pandemic records should be followed. intention is to let them know in person during a consultation.

Patient or service user held records Information about the patient or service user must not be uploaded into the product until there is a clear legal basis for doing so, for example, patient Some clinical or care services may benefit from the patient or service user consent. Individuals must be provided with information materials so that they holding their own record, for example, maternity services. Where this is can make an informed choice as to whether or not to sign up. The materials considered to be the case a risk assessment should be carried out by the should also make it clear what information patients and service users can upload organisation. Where it is decided to leave records with the individual who is themselves directly to the portal if this is an option. It should also be clear to the the subject of care, it must be indicated on the records that they remain the patient or service user who controls the information. property of the issuing organisation and include a return address if they are lost. Upon the discharge of the patient or service user, the record must be returned to the health or care organisation involved in the person’s care. Information stored in a product like this should be retained in line with the retention schedules outlined in this Code (for example, adult health records for 8 years after last seen).

Records Management Code of Practice 2021 100 101

Pharmacy held patient records Private patients treated on NHS premises

Where records of individuals who are not NHS or social care funded are held in These are the records of patients that the pharmacy has dispensed medications the record keeping systems of NHS or social care organisations, they must be to or had some other form of clinical interaction with (for example, given a flu kept for the same minimum retention periods as other records outlined in this jab) - similar to a hospital or care home patient record. Code. The same levels of security and confidentiality will also apply.

Records of prescriptions dispensed will be kept by NHS BSA so there is no need Public health records to keep a copy of the prescription locally except for audit purposes. A local authority normally hosts public health functions, but the functions still Other elements of the pharmacy record, for example, vaccinations provided, involve the handling of health and care information. For this reason, public should be viewed in the same way as a patient record, and should be destroyed health functions are in the scope of this Code. Where clinical information is 8 years after the last interaction with the patient. However, if there is a need to being processed by the public health function it is expected to comply with the keep the record for longer, then this can be extended up to 20 years, provided NHS Digital Code of Practice for Confidential Information. there is a justified, documented and approved reasons for doing so. Information materials for patients should also be reflective of the organisation’s retention Records relating to sexually transmitted diseases period. Organisations that provide care and support under the NHS Trusts and Primary Prison health records Care Trusts (Sexually Transmitted Disease) Directions 2000 must be aware of the additional obligations to confidentiality these impose on employees and trustees In 2013 responsibility for offender health in HM Prison Service transferred of organisations. These organisations include NHS Trusts, CCGs, local authority from the Ministry of Justice to NHS England. A national computer-based record public health teams and those providing services under NHS contracts. was created to facilitate the provision of care and the transfer of care records associated with inmate transfers throughout imprisonment. This obligation differs from the duty of confidentiality generally because it prohibits some types of sharing but enables sharing where this supports A significant number of paper records remain, and some offender health services treatment of patient or service users. For this reason, it is common for services operate a mix of paper and digital records. Prison records should be treated as dealing with sexually transmitted diseases to partition their record keeping hospital episodes and may be disposed of after the appropriate retention has systems to comply with the directions and more generally to meet patient or been applied. The assumption is that a discharge note has been sent to the GP. service users’ expectations that such records should be treated as particularly sensitive. Where a patient or service user is sent to prison the GP record (or social care record) must not be destroyed but held until the patient is released or normal Secure units for patients detained under the Mental Health Act 1983 retention periods of records have been met. Mental health units operate on a low, medium and high-risk category basis. Not all patients on these units will have been referred via the criminal justice system. Prison health records may have archival value, but this is the exception rather Some patients may be deemed a risk under the Mental Health Act and will than rule. Records should be kept in line with the same period as for de- need to be accommodated accordingly. Some patients may be high-risk due to registered GP records, with a view to further retention (with justification) and a the nature of a crime they have committed because of their mental health and potential transfer to a PoD, subject to their approval. therefore will need to be treated in a high secure hospital, such as Broadmoor. As such, their records should be treated in the same way as other mental health records including retention periods (20 years, and longer if justified and permitted) and final disposal. A long retention time may also help staff at these units deal with subsequent long-term enquiries from care providers.

Records Management Code of Practice 2021 102 103

Sexual assault referral centres Staff records

Sexual assault referral centres (SARCs) are highly specialised forensic and health Staff records should hold sufficient information about a staff member for services co-commissioned by Police and Crime Commissioners and NHS England decisions to be made about employment matters. The nucleus of any staff file and Improvement. SARCs support the physical, mental health and wellbeing of will be the information collected through the recruitment process and this will service users and collect forensic evidence pertaining to alleged sexual offences. include the job advert, application form, evidence of the right to work in the UK, Records generated may include forensic medical examination notes, body identity checks and any correspondence relating to acceptance of the contract. maps, photographic records, and DNA intelligence. Reports or statements on The central HR file must be the repository for this information, regardless of the these records may be required as evidence in a court of law, and the records media of the record. management process must facilitate this. Based on relevant guidance, legal and regulatory obligations, a minimum retention period of 30 years for SARC records It is common practice in some health and care organisations for the line has been applied by NHS England and NHS Improvement. This retention period manager to hold a truncated record, which contains portions of an employee’s reflects the severity of the alleged offence; the length of time for the potential employment history. This can introduce risk to personal information (as it is bringing of criminal justice proceedings and right to appeal; and the potential duplicated), but also potentially expedient to do so. Organisations considering for cold case review. Retaining records beyond 30 years is acceptable provided whether to use, or discontinue using, local HR files, should complete a risk there is ongoing justification and the decision is documented and approved by assessment. the relevant committees responsible for the SARCs operational delivery. Information kept in truncated staff files should be duplicates of the original Specimens and samples held in the central HR file. If local managers are given originals as evidence (such as a staff member bringing in a certificate of competence) they should take a The retention of human material is covered by this Code because some copy for local use and the original should be kept with the main HR file. It is specialities will include physical human material as part of the patient or service important that there is a single, complete employment record held centrally for user record (or linked to it). The record may have to be retained longer than the reference and probity. sample because the sample may deteriorate over time. Relevant professional bodies such as the Human Tissue Authority or the Royal College of Pathologists have issued guidance on how long to keep human material. Physical specimens Upon termination of contract (for whatever reason), records must be held up to or samples are unlikely to have historical value, and so are highly unlikely to be and beyond the statutory retirement age. Staff records may be retained beyond selected for permanent preservation. 20 years if they continue to be required for NHS or organisational business purposes, in accordance with Retention Instrument 122. Usually this relates to inpatient ward areas, where the ward manager will keep a small file relating to The human material may not be kept for long periods, but that does not mean the training and clinical competencies of ward staff. Where there is justification that the information or metadata about the specimen or sample must be for long retention periods or protection is provided by the Code, this will not destroyed at the same time. The information about any process involving human be in breach of GDPR Principle 5. (Refer to section 5 of the Code for further material must be kept for continuity of care and legal obligations. The correct information about retention of records). place to keep information about the patient is the clinical record and although the individual pathology departments may retain pathology reports, a copy must always be included on the patient record. Physical specimens or samples do not have to be stored within the clinical record (unless designed to do so) but can be stored where clinically appropriate to keep the material, with a clear reference or link in the clinical file, so both the material and the clinical record can be joined together if necessary.

Records Management Code of Practice 2021 104 105

Some organisations operate a weeding system, whereby staff files are culled of individual record types that are now time expired (such as timesheets). Others Good practice for a staff record summary: have just kept the whole file as is and archived it away until 75th birthday. It is not recommended to change your system from one to the other because: Barts Health NHS Trust staff record summary contains the following fields: • the effort involved would be disproportionate to the end result • name • if you begin to weed files, you would need to do this retrospectively to all • previous names files, to avoid having two types of central HR file • assignment number • you cannot reverse the weeding process – if you decide to keep full records, it is impossible to remake historically weeded files complete again • pay bands • date of birth Both systems are acceptable, regardless of media. It is noted that organisations may have a hybrid system of paper historical staff files and digital current staff • addresses files. If possible, organisations should consider moving all their files into one • positions held format to create consistency. • start and end dates Where an organisation decides to use a summary, it must contain as a minimum: • reasons for leaving • a summary of the employment history with dates • building or sites worked at • pension information including eligibility • any work-related injury Disciplinary case files should be held in a separate file so they can be expired at • any exposure to asbestos, radiation and other chemicals which may cause the appropriate time and do not clutter up the main file. That does not mean illness in later life that there should be no record that the disciplinary process has been engaged in the main record, as it may be pertinent to have an indication to the disciplinary • professional training history and professional qualifications related to the case, but the full details and file must be kept separately from the main file. delivery of care • list of buildings where the member of staff worked, and the dates worked With regards to staff training records, it can be difficult to categorise them to in each location determine retention requirements but keeping all the records for the same length of time is also hard to justify. It is recommended that: • clinical training records are retained until 75th birthday or six years after the staff member leaves, whichever is the longer • statutory and mandatory training records are kept for ten years after training is completed • other training records are kept for six years after the training is completed

The Chartered Institute for Personnel and Development, and the ICO have provided further information and advice on the retention of HR records.

Records Management Code of Practice 2021 106 107

Transgender patient’s records However, it is not essential for a transgender person to have a GRC in order to change their name and gender in their patient record and receive a new NHS Sometimes patients change their gender and part of this may include medical number. They do not need to have been to a Gender Identity Clinic, taken any care. Records relating to these patients or service users are often seen as hormones, undergone any surgery, or have a Gender Recognition Certificate. more sensitive than other types of medical records. While all health and care records are subject to confidentiality restrictions, there are specific controls for Under the Equality Act (2010), Transgender people share the protected information relating to patients or service users with a Gender Recognition characteristic of ‘gender reassignment’. To be protected from gender Certificate. The use and disclosure of the information contained in these records reassignment discrimination, an individual does not need to have undergone any is subject to the Gender Recognition Act 2004, (GRA) which details specific specific treatment or surgery to change from their birth sex to their preferred restrictions and controls for these records. The GRA is clear that it is not an gender. This is because changing physiological or other gender attributes is a offence to disclose protected information relating to a person if that person personal process rather than a medical one. An individual can be at any stage in has agreed to the disclosure. The GRA is designed to protect trans patient and the transition process – from proposing to reassign their gender, to undergoing service user data and should not be considered a barrier to maintaining historic a process to reassign their gender, or having completed it. medical records where this is consented to by the user. Protected persons health records There are established processes in place with NHS Digital for patients undergoing transgender care in relation to the NHS number and the closing Where a record is that of someone known to be under a protected person and opening of new Spine records. In practice, nearly all actions relating to scheme, the record must be subject to greater security and confidentiality. It transgender records will be based on explicit consent. Discussions will take place may become apparent (via accidental disclosure) that the records are those of a between the GP and the patient regarding clinical care, what information in person under the protection of the courts for the purposes of identity. The right their current record can be moved to their new record and any implications this to anonymity extends to health and care records. For people under certain types decision may have (for example, they may not be called for a gender specific of protection, the individual will be given a new name and NHS Number, so the screening programme). Patients should be offered ways to maintain their records may appear to be that of a different person. historical records. This could include editing previous entries and removing references containing previous names and gendered language. Any decisions Youth offending service records made regarding their record must be respected and the records actioned accordingly. Due to the nature of youth offending, it is common for very short retention periods to be imposed on the general youth offending record. For purposes of Any patient or service user can request that their gender be changed in a record clinical liability and for continuity of care the health or social care portion of the by a statutory declaration, but the Gender Recognition Act 2004 provides record must be retained as specified in this Code, which will generally be until additional rights for those with a GRC. The formal legal process (as defined in the 25th birthday of the individual concerned. the Gender Recognition Act 2004) is that a Gender Reassignment Panel issues a Gender Reassignment Certificate. At this time a new NHS number can be issued, and a new record can be created, if it is the wish of the patient or service user. It is important to discuss with the patient or service user what records are moved into the new record and to discuss how to link any records held in any other health or care settings with the new record, including editing previous records to remove names, gender references or details. The content of the new record will be based on explicit consent under common law.

Records Management Code of Practice 2021 108 109

FORMAT OF RECORD Records in cloud storage must be managed just as records must be in any other environment and the temptation to use ever-increasing storage instead of good records management will not meet the records management recommendations Bring your own device (BYOD) created records of this Code. For example, if digital health and care records are uploaded to cloud storage for the duration of their retention period, then they must contain Any record that is created in the context of health and care business is the enough metadata to be able to be retrieved and a retention date applied so it intellectual property of the employing organisation and this extends to can be reviewed and actioned in good time. information created on personally owned computers and equipment. This in turn extends to emails and text messages sent in the course of business on Personal data that is stored in the cloud, and then left, risks breaching UK GDPR personally owned devices from personal accounts. They must be captured in the by being kept longer than necessary. This information would also be subject to record keeping system if they are considered to fall within the definition of a Subject Access process, and if not found or left unfound, would be a breach of record. the patient or service user’s rights.

When an individual staff member no longer works for the employing Email and record keeping implications organisation, any information that staff take away could be a risk to the organisation. If this includes personal data or confidential patient information, it Email is widely accepted as the primary communication tool used every day is reportable to the ICO and may be a breach of confidentiality. For this reason, by all levels of staff in organisations. They often contain business (or in some personal/confidential patient information should not be stored on the device cases clinical) information that is not captured elsewhere and so need to be unless absolutely necessary and appropriate security is in place. Local health and managed just like other records. The National Archives has produced guidance care organisations should have a policy on the use of BYOD by staff. Also refer on managing emails. to guidance on BYOD. Email has the benefit of fixing information in time and assigning the action Cloud-based records to an individual, which are two of the most important characteristics of an authentic record. However, a common problem with email is that it is rarely Use of cloud-based solutions for health and care is increasingly being considered saved in the business context. and used as an alternative to manage large networks and infrastructure. NHS and care services have been given approval to use cloud-based solution, The correct place to store email is in the record keeping system according to the provided they follow published guidance from NHS Digital and information on business classification scheme or file plan activity to which it relates. Solutions GOV.UK. such as email archiving and ever-larger mailbox quotas do not encourage staff to meet the standard of storing email in the correct business context and to declare Before any cloud-based solution is implemented there are a number of records the email as a record. considerations that must be addressed as set out by The National Archives. The ICO has issued guidance on cloud storage. Organisations must complete a DPIA Where email archiving solutions are of benefit is as a backup, or to identify key when considering using cloud solutions. individuals where their entire email correspondence can be preserved as a public record. Another important consideration is that at some point the service provider or solution will change and it will be necessary to migrate all of the records, Where email is declared as a record or as a component of a record, the entire including all the formats, onto another solution. Whilst this may be technically email must be kept, including attachments so the record remains integral - for challenging, it must be done, and contract provisions should be in place to do example, an email approving a business case must be saved with the business this. case file. All staff need to be adequately trained in required email storage and organisations need to:

Records Management Code of Practice 2021 110 111

• undertake periodic audits of working practice to identify poor practice Instant messaging records • have a policy in place that covers email management - including the appraisal, archiving and disposal of emails Health and care services are increasingly using instant messaging apps or platforms to share patient and service user information between health and care • take remedial action where poor practice or compliance is found professionals or to contact patients or services users in a transactional way, such as appointment reminders. NHSX has published guidance on this issue. Automatic deletion of email as a business rule may constitute an offence under Section 77 of the FOIA where it is subject to a request for information, even if Instant messaging apps or platforms should not be used as the main, or primary, the destruction is by automatic rule. The Courts’ civil procedure rules 31(B) also record for a person. Where possible, information shared in this way also needs require that a legal hold is placed on any information including email when an to have a place in the health or care record of that person. This could be a organisation enters into litigation. Legal holds can take many forms and records printout of the exchange; contents transcribed into the record; or a progress cannot be destroyed if there is a known process or a reasonable expectation that note accurately covering the exchange entered into the record. If the app or records will be needed for a future legal process such as: platform is the only place that information is stored, then it must be managed in line with this Code. • local inquiries into health or care issues • national inquiries Transactional messages, such as GP appointment reminders or pharmacy notifications that your prescription is ready for collection, have a short shelf-life • public inquiries and will no longer be needed once the appointment is attended or prescriptions collected. Organisations that use these systems should keep a record of messages • criminal or civil investigations sent to a person, in case they are needed later (such as proof that the patient • cases where litigation may be reasonably expected, for example, a patient was reminded of their appointment), but once it is clear that the purpose of the has indicated they will take the organisation to court message has been fulfilled, there is no requirement to keep these messages.

• a SAR (known or reasonably expected) Integrated viewing technology and record keeping • a FOI request (submitted or reasonably expected) Many record keeping systems pool records to create a view or portal of information, which can then be used to inform decisions. This in effect creates a This means that no record can be destroyed by a purely automated process single digital instance of a record, which is only correct at the time of viewing. without some form of review whether at aggregated or individual level for This may lead to legacy issues, especially in determining the authenticity of a continued retention or transfer to a PoD. record at any given point in the past. When deciding to use systems that pool records from different sources, organisations must be assured that the system The NHSmail system allows a single email account for every staff member that can can recreate a record at a given point in time, and not just be able to provide follow the individual through the course of their career. When staff transfer from a view at the time of access. This will enable a health or care provider to show one NHS organisation to another NHS organisation, they must ensure that no what information was available at the time a decision was made. sensitive data relating to the former organisation is transferred. It is good practice for staff to purge their email accounts of information upon transfer to prevent a Consideration should also be given to the authenticity and veracity of the breach of confidence or the transfer of classified information. This is facilitated by record, particularly if there is conflicting information presented by two or more staff storing only emails that need to be retained on an ongoing basis. contributors to the record. Some conflicts may be easier to resolve than others (for example, a person has a different address with two systems), however more Emails that are the sole record of an event or issue, for example, an exchange complex conflicts would require organisations to have a process or procedure to between a clinician and a patient, should be copied into the relevant health and agree how to resolve these. care record rather than being kept on the email system or deleted.

Records Management Code of Practice 2021 112 113

Scanned records Once scanned records have been digitised and the appropriate quality checks completed, it will then be possible to destroy the paper original, unless the This section applies to health and care records as much as it does to corporate format of the original has historical value, in which case consideration should be records. When looking to scan records, organisations need to consider the given to keeping it with a view to permanent transfer. Where paper is disposed following: of post-scanning, this decision must be made by the appropriate group or • the scanned image can perform equally as well as the original paper committee. A scan of not less than 300 dots per inch (or 118 dots per centimetre) as a minimum is recommended for most records although this may drop if clear • scanned images can be challenged in court (just as paper can) printed text is being scanned. Methods used to ensure that scanned records can be considered authentic are: • ability to demonstrate authenticity of the scanned image • board or committee level approval to scan records • ensure technical and organisational measures are in place to protect the integrity, usability and authenticity of the record, over its period of use and • a written procedure outlining the process to scan, quality check and any retention destruction process for the paper record • discussions need to take place with the local PoD over records that may • evidence that the process has been followed be permanently accessioned - they will need input into the format of the transferring record • technical evidence to show the scanning system used was operating correctly at the time of scanning • where the hard copy is retained, this will be legally preferable to the scanned image • an audit trail or secure system that can show that no alterations have been made to the record after the point they have been digitised

The legal admissibility of scanned records, as with any digital information, is • fix the scan into a file format that cannot be edited determined by how it can be shown that it is an authentic record. An indication of how the courts will interpret evidence can be found in the civil procedure Some common mistakes occur in scanning by: rules and the court will decide if a record, either paper or digital, can be admissible as evidence. • only scanning one side and not both sides, including blank pages - to preserve authenticity, both sides of the paper record, even if they are both The Archives and Records Association has produced a flow chart to support blank, must be scanned (this ensures the scanned record is an exact replica scanning processes. The British Standards Institution has published a standard of the paper original) that specifies the method of ensuring that electronic information remains • scanning a copy of a copy - leading to a degraded image authentic. The standard deals with both ‘born digital’ and scanned records. The best way to ensure that records are scanned in accordance with the standard is • not using a method that can show that the scanned record has not been to use a supplier or service that meets the standard following a comprehensive altered after it has been scanned – questions could be raised regarding procurement exercise, which complies with NHS due diligence. Using an process and authenticity BSI10008 accredited supplier, or an in-house accredited service would be seen as • no long-term plan to enable the digitised records to be stored or accessed best practice. over the period of their retention

For local scanning requirements or for those records where there is a low risk of being required to prove their authenticity, organisations may decide to do their Once you have identified digital records that are suitable for accessioning to own scanning following due diligence and internal compliance processes. This your local PoD or The National Archives (for national bodies, it is recommended may require a business case to be drawn up and approved, and procurement to follow published The National Archives guidance on the accessioning of rules followed to purchase the necessary equipment. digital records.

Records Management Code of Practice 2021 114 115

Social media Website as a business record

Organisations must have approved policies and guidance when using social As people interact with their public services, more commonly it is the internet media platforms. It is acknowledged that social media will mainly be used for and websites in particular that provide information, just as posters, publications promoting activities of the organisation, rather than as a way of communicating and leaflets once did exclusively. A person’s behaviour may be a result of care issues or interventions with patients or service users. Information posted on interaction with a website and it is considered part of the record of the activity. social media may also be classed as a corporate record and appropriate retention periods set where applicable. For this reason, websites form part of the record keeping system and must be preserved. It is also important to know what material was present on the Information posted on social media (such as details of upcoming meetings, website as this material is considered to have been published. Therefore, the or published policies) will usually be captured elsewhere in an organisation’s frequency of capture must be adequate or there must be some other method corporate records’ function, and where this is the case, there is no value in to recreate what the website or intranet visitor viewed. It may be possible retaining the information held in the social media platform, as it will be a to arrange regular crawls of the site with the relevant PoD but given the duplication of the corporate records management function. complexity of sites as digital objects, it may be necessary to use other methods of capture to ensure that this creates a formal record. The UK Government Web The National Archives have begun to capture social media content of NHS bodies Archive (part of The National Archives) undertook two central crawls of all NHS that have a national focus, such as NHS England and Improvement. Where sites in 2011 and 2012 and may have captured some from 2004 onwards but requested, this can also be extended to local NHS bodies, but this would be the the information captured will not include all levels of the sites or some dynamic exception not the rule. content.

National NHS organisations have their websites regularly captured by The National Archives and can (upon request) capture local organisation’s websites, where regional information would be captured that would not necessarily go to the local PoD (such as a CCG closing down). Local Authorities’ websites are not routinely captured by the WebArchive Team at The National Archives but they can do so in exceptional circumstances and if requested by the Authority.

Records Management Code of Practice 2021 116 117

Annex 1: Records at contract change

Characteristic Fair processing What to transfer? Sensitive records Characteristic Fair processing What to transfer? Sensitive records of new service required of new service required provider provider

NHS Provider from Light - notice on Entire record or N/A NHS Provider from Moderate – a letter Copy or summary Individual same premises and appointment letter summary of entire different premises informing patients of of entire record of communications involving the same explaining that there caseload. and different staff. the transfer with an current caseload. may not be staff. This may be a is a new provider. opportunity to object All records must be possible so merger or regional Local publicity or talk to someone transferred by the obtaining consent, reconfiguration. campaigns such as about the transfer. former provider to from the holder signage or posters the new provider. of the current located on premises. caseload, may need to be sought by Non-NHS Provider Light – notice Copy or summary N/A the old provider from same premises on appointment of entire record of before transfer. and involving letter explaining current caseload. It may not be the same staff. that there is a new possible to transfer This may be a provider. Local Former provider the record without merger or regional publicity campaign retains the original consent (to satisfy reconfiguration. involving signage record. confidentiality) and poster and local so in some cases communications or no records will be advertising. transferred.

NHS Provider from Light – notice Copy or summary N/A Non-NHS provider Moderate – a letter Copy or summary different premises on appointment of entire record of from different informing patients of of entire record of but with the same letter explaining current caseload. premises but with the transfer with an current caseload. staff. that there is a new same staff. opportunity to object provider. Local Former provider or talk to someone publicity campaign retains the original about the transfer. involving signage record. and poster and local communications or Non-NHS from High – a letter Copy or summary advertising. different premises informing patients of of entire record of and with different the transfer with an current caseload. staff. opportunity to object or talk to someone about the transfer.

Records Management Code of Practice 2021 Records Management Code of Practice 2021 AUGUST 2021